[PATCH 01/17] QoS: Do not manually load iptables modules

List overview All Threads
Download

newer

older

[PATCH] vpnmain.cgi+ovpnmain.cgi:...

[PATCH] sysctl: Adopt more...

Michael Tremer

14 Oct 2019 14 Oct '19

4:46 p.m.

This should not be necessary and causes the script to wait for two seconds.

Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- config/qos/makeqosscripts.pl | 4 ---- 1 file changed, 4 deletions(-)

diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index bc460db92..f799b74a5 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -407,10 +407,6 @@ print <<END ###

### BRING UP $qossettings{'IMQ_DEV'} - if [ `lsmod | grep -q ipt_IMQ` ]; then - insmod ipt_IMQ - sleep 2 - fi modprobe imq numdevs=1 numqueues=$(grep -c "^processor" /proc/cpuinfo || echo 1) ip link set $qossettings{'IMQ_DEV'} up

-- 2.20.1

Show replies by date

Michael Tremer

14 Oct 14 Oct

4:46 p.m.

New subject: [PATCH 02/17] QoS: Use Intermediate Functional Block

This is an alternative implementation to the Intermediate Queuing Device (IMQ) which is an out-of-tree kernel patch and has been criticised for being slow, especially with mutliple processors.

IFB is part of the mainline kernel and a lot less code.

Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- config/qos/makeqosscripts.pl | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index f799b74a5..b2ceb5773 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -406,10 +406,22 @@ print <<END ### $qossettings{'IMQ_DEV'} ###

+ tc qdisc del dev $qossettings{'RED_DEV'} root + tc qdisc del dev $qossettings{'RED_DEV'} ingress + tc qdisc add dev $qossettings{'RED_DEV'} handle ffff: ingress + ### BRING UP $qossettings{'IMQ_DEV'} - modprobe imq numdevs=1 numqueues=$(grep -c "^processor" /proc/cpuinfo || echo 1) + if [ ! -d "/sys/class/net/$qossettings{'IMQ_DEV'}" ]; then + ip link add name $qossettings{'IMQ_DEV'} type ifb + fi + + #tc qdisc del dev $qossettings{'IMQ_DEV'} root + #tc qdisc del dev $qossettings{'IMQ_DEV'} ingress ip link set $qossettings{'IMQ_DEV'} up

+ tc filter add dev $qossettings{'RED_DEV'} parent ffff: protocol all u32 match u32 0 0 \ + action mirred egress redirect dev $qossettings{'IMQ_DEV'} + ### ADD HTB QDISC FOR $qossettings{'IMQ_DEV'} tc qdisc del dev $qossettings{'IMQ_DEV'} root >/dev/null 2>&1 tc qdisc add dev $qossettings{'IMQ_DEV'} root handle 2: htb default $qossettings{'DEFCLASS_INC'} @@ -510,7 +522,6 @@ print <<END iptables -t mangle -A POSTROUTING -i $qossettings{'RED_DEV'} -p ah -j RETURN iptables -t mangle -A POSTROUTING -i $qossettings{'RED_DEV'} -p esp -j RETURN iptables -t mangle -A POSTROUTING -i $qossettings{'RED_DEV'} -p ip -j RETURN - iptables -t mangle -A POSTROUTING -m mark ! --mark 0 ! -o $qossettings{'RED_DEV'} -j IMQ --todev 0 iptables -t mangle -I FORWARD -i $qossettings{'RED_DEV'} -j QOS-INC iptables -t mangle -A FORWARD -i $qossettings{'RED_DEV'} -j QOS-TOS

@@ -527,7 +538,6 @@ print <<END iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -p ah -j RETURN iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -p esp -j RETURN iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -p ip -j RETURN - iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -j IMQ --todev 0 iptables -t mangle -I PREROUTING -i $qossettings{'RED_DEV'} -j QOS-INC iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -j QOS-TOS

@@ -688,16 +698,14 @@ print <<END tc qdisc add root dev $qossettings{'IMQ_DEV'} fq_codel >/dev/null 2>&1 # STOP IMQ-DEVICE ip link set $qossettings{'IMQ_DEV'} down >/dev/null 2>&1 + + # REMOVE & FLUSH CHAINS iptables -t mangle --delete POSTROUTING -i $qossettings{'RED_DEV'} -p ah -j RETURN >/dev/null 2>&1 iptables -t mangle --delete POSTROUTING -i $qossettings{'RED_DEV'} -p esp -j RETURN >/dev/null 2>&1 iptables -t mangle --delete POSTROUTING -i $qossettings{'RED_DEV'} -p ip -j RETURN >/dev/null 2>&1 iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -p ah -j RETURN >/dev/null 2>&1 iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -p esp -j RETURN >/dev/null 2>&1 iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -p ip -j RETURN >/dev/null 2>&1 - iptables -t mangle --delete POSTROUTING -m mark ! --mark 0 ! -o $qossettings{'RED_DEV'} -j IMQ --todev 0 >/dev/null 2>&1 - iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j IMQ --todev 0 >/dev/null 2>&1 - # rmmod imq # this crash on 2.6.25.xx - # REMOVE & FLUSH CHAINS iptables -t mangle --delete POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-OUT >/dev/null 2>&1 iptables -t mangle --delete POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-TOS >/dev/null 2>&1 iptables -t mangle --flush QOS-OUT >/dev/null 2>&1

-- 2.20.1

Michael Tremer

4:46 p.m.

New subject: [PATCH 03/17] Revert "Make IMQ Switchable between PREROUTING and POSTROUTING"

This reverts commit 88b8ffac6b258e7b7687eb26111134bf435e23ca.

Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- config/qos/makeqosscripts.pl | 28 ++-------------------------- 1 file changed, 2 insertions(+), 26 deletions(-)

diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index b2ceb5773..d327ddf1a 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -75,7 +75,6 @@ $qossettings{'RED_DEV'} = `cat /var/ipfire/red/iface`; $qossettings{'IMQ_DEV'} = 'imq0'; $qossettings{'TOS'} = ''; $qossettings{'VALID'} = 'yes'; -$qossettings{'IMQ_MODE'} = 'PREROUTING';

&General::readhash("${General::swroot}/qos/settings", %qossettings);

@@ -512,9 +511,6 @@ foreach $subclassentry (sort @subclasses) { print "\ttc filter add dev $qossettings{'DEVICE'} parent 2:0 prio 0 protocol ip handle $qossettings{'SCLASS'} fw flowid 2:$qossettings{'SCLASS'}\n"; } } - -if ( $qossettings{'IMQ_MODE'} eq 'POSTROUTING' ) -{ print <<END

### ADD QOS-INC CHAIN TO THE MANGLE TABLE IN IPTABLES @@ -528,24 +524,6 @@ print <<END ### SET TOS END ; -} -else -{ -print <<END - - ### ADD QOS-INC CHAIN TO THE MANGLE TABLE IN IPTABLES - iptables -t mangle -N QOS-INC - iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -p ah -j RETURN - iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -p esp -j RETURN - iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -p ip -j RETURN - iptables -t mangle -I PREROUTING -i $qossettings{'RED_DEV'} -j QOS-INC - iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -j QOS-TOS - - ### SET TOS -END -; -} - foreach $tosruleentry (sort @tosrules) { @tosruleline = split( /;/, $tosruleentry ); @@ -710,10 +688,8 @@ print <<END iptables -t mangle --delete POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-TOS >/dev/null 2>&1 iptables -t mangle --flush QOS-OUT >/dev/null 2>&1 iptables -t mangle --delete-chain QOS-OUT >/dev/null 2>&1 - iptables -t mangle --delete FORWARD -i $qossettings{'RED_DEV'} -j QOS-INC >/dev/null 2>&1 - iptables -t mangle --delete FORWARD -i $qossettings{'RED_DEV'} -j QOS-TOS >/dev/null 2>&1 - iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j QOS-INC >/dev/null 2>&1 - iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j QOS-TOS >/dev/null 2>&1 + iptables -t mangle --delete FORWARD -i $qossettings{'RED_DEV'} -j QOS-INC + iptables -t mangle --delete FORWARD -i $qossettings{'RED_DEV'} -j QOS-TOS iptables -t mangle --flush QOS-INC >/dev/null 2>&1 iptables -t mangle --delete-chain QOS-INC >/dev/null 2>&1 iptables -t mangle --flush QOS-TOS >/dev/null 2>&1

-- 2.20.1

Michael Tremer

4:46 p.m.

New subject: [PATCH 04/17] QoS: Tidy up qdiscs after QoS is being stopped

Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- config/qos/makeqosscripts.pl | 3 +++ 1 file changed, 3 insertions(+)

diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index d327ddf1a..33359c1f5 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -671,11 +671,14 @@ print <<END (sleep 3 && killall -9 qosd &>/dev/null) & # DELETE QDISCS tc qdisc del dev $qossettings{'RED_DEV'} root >/dev/null 2>&1 + tc qdisc del dev $qossettings{'RED_DEV'} ingress >/dev/null 2>&1 tc qdisc add root dev $qossettings{'RED_DEV'} fq_codel >/dev/null 2>&1 tc qdisc del dev $qossettings{'IMQ_DEV'} root >/dev/null 2>&1 + tc qdisc del dev $qossettings{'IMQ_DEV'} ingress >/dev/null 2>&1 tc qdisc add root dev $qossettings{'IMQ_DEV'} fq_codel >/dev/null 2>&1 # STOP IMQ-DEVICE ip link set $qossettings{'IMQ_DEV'} down >/dev/null 2>&1 + ip link del $qossettings{'IMQ_DEV'} >/dev/null 2>&1

# REMOVE & FLUSH CHAINS iptables -t mangle --delete POSTROUTING -i $qossettings{'RED_DEV'} -p ah -j RETURN >/dev/null 2>&1

-- 2.20.1

Michael Tremer

4:46 p.m.

New subject: [PATCH 05/17] QoS: Process incoming packets in PREROUTING only

Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- config/qos/makeqosscripts.pl | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index 33359c1f5..9cbb9cafa 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -515,11 +515,11 @@ print <<END

### ADD QOS-INC CHAIN TO THE MANGLE TABLE IN IPTABLES iptables -t mangle -N QOS-INC - iptables -t mangle -A POSTROUTING -i $qossettings{'RED_DEV'} -p ah -j RETURN - iptables -t mangle -A POSTROUTING -i $qossettings{'RED_DEV'} -p esp -j RETURN - iptables -t mangle -A POSTROUTING -i $qossettings{'RED_DEV'} -p ip -j RETURN - iptables -t mangle -I FORWARD -i $qossettings{'RED_DEV'} -j QOS-INC - iptables -t mangle -A FORWARD -i $qossettings{'RED_DEV'} -j QOS-TOS + iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -p ah -j RETURN + iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -p esp -j RETURN + iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -p ip -j RETURN + iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -j QOS-INC + iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -j QOS-TOS

### SET TOS END @@ -689,10 +689,10 @@ print <<END iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -p ip -j RETURN >/dev/null 2>&1 iptables -t mangle --delete POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-OUT >/dev/null 2>&1 iptables -t mangle --delete POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-TOS >/dev/null 2>&1 + iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j QOS-INC >/dev/null 2>&1 + iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j QOS-TOS >/dev/null 2>&1 iptables -t mangle --flush QOS-OUT >/dev/null 2>&1 iptables -t mangle --delete-chain QOS-OUT >/dev/null 2>&1 - iptables -t mangle --delete FORWARD -i $qossettings{'RED_DEV'} -j QOS-INC - iptables -t mangle --delete FORWARD -i $qossettings{'RED_DEV'} -j QOS-TOS iptables -t mangle --flush QOS-INC >/dev/null 2>&1 iptables -t mangle --delete-chain QOS-INC >/dev/null 2>&1 iptables -t mangle --flush QOS-TOS >/dev/null 2>&1

-- 2.20.1

Michael Tremer

4:46 p.m.

New subject: [PATCH 06/17] QoS: Silence RRD tool warnings

Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- config/qos/makeqosscripts.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index 9cbb9cafa..92b2d9e77 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -659,7 +659,7 @@ print <<END ( sleep 10 && /usr/local/bin/qosd $qossettings{'IMQ_DEV'} >/dev/null 2>&1) &

for i in $(ls $RRDLOG/class_*.rrd); do - rrdtool update $i $(date +%s): + rrdtool update $i $(date +%s): 2>/dev/null done

echo "Quality of Service was successfully started!"

-- 2.20.1

Michael Tremer

4:46 p.m.

New subject: [PATCH 07/17] QoS: Start qosd immediately

Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- config/qos/makeqosscripts.pl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index 92b2d9e77..70eadf17b 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -655,8 +655,8 @@ END print <<END

## STARTING COLLECTOR - ( sleep 10 && /usr/local/bin/qosd $qossettings{'RED_DEV'} >/dev/null 2>&1) & - ( sleep 10 && /usr/local/bin/qosd $qossettings{'IMQ_DEV'} >/dev/null 2>&1) & + /usr/local/bin/qosd $qossettings{'RED_DEV'} >/dev/null 2>&1 + /usr/local/bin/qosd $qossettings{'IMQ_DEV'} >/dev/null 2>&1

for i in $(ls $RRDLOG/class_*.rrd); do rrdtool update $i $(date +%s): 2>/dev/null @@ -668,7 +668,7 @@ print <<END clear|stop) ### RESET EVERYTHING TO A KNOWN STATE killall qosd >/dev/null 2>&1 - (sleep 3 && killall -9 qosd &>/dev/null) & + # DELETE QDISCS tc qdisc del dev $qossettings{'RED_DEV'} root >/dev/null 2>&1 tc qdisc del dev $qossettings{'RED_DEV'} ingress >/dev/null 2>&1

-- 2.20.1

Michael Tremer

4:46 p.m.

New subject: [PATCH 08/17] QoS: Do not delete egress qdisc after classes have been created

Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- config/qos/makeqosscripts.pl | 1 - 1 file changed, 1 deletion(-)

diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index 70eadf17b..386a6bffe 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -405,7 +405,6 @@ print <<END ### $qossettings{'IMQ_DEV'} ###

- tc qdisc del dev $qossettings{'RED_DEV'} root tc qdisc del dev $qossettings{'RED_DEV'} ingress tc qdisc add dev $qossettings{'RED_DEV'} handle ffff: ingress

-- 2.20.1

Michael Tremer

4:46 p.m.

New subject: [PATCH 09/17] linux+iptables: Drop support for IMQ

This is no longer needed since we are using IFB now

Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- config/kernel/kernel.config.aarch64-ipfire | 7 - .../kernel.config.armv5tel-ipfire-kirkwood | 7 - .../kernel.config.armv5tel-ipfire-multi | 7 - config/kernel/kernel.config.i586-ipfire | 7 - config/kernel/kernel.config.i586-ipfire-pae | 7 - config/kernel/kernel.config.x86_64-ipfire | 7 - config/rootfiles/common/aarch64/linux | 13 - .../rootfiles/common/armv5tel/linux-kirkwood | 13 - config/rootfiles/common/armv5tel/linux-multi | 13 - config/rootfiles/common/i586/linux | 13 - config/rootfiles/common/iptables | 1 - config/rootfiles/common/x86_64/linux | 13 - config/rootfiles/packages/linux-pae | 13 - lfs/iptables | 3 - lfs/linux | 3 - src/patches/iptables-1.4.12-IMQ-test4.diff | 141 -- src/patches/linux/linux-4.14-imq.diff | 1759 ----------------- 17 files changed, 2027 deletions(-) delete mode 100644 src/patches/iptables-1.4.12-IMQ-test4.diff delete mode 100644 src/patches/linux/linux-4.14-imq.diff

diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire index f9a73b850..e4634855c 100644 --- a/config/kernel/kernel.config.aarch64-ipfire +++ b/config/kernel/kernel.config.aarch64-ipfire @@ -908,7 +908,6 @@ CONFIG_NETFILTER_XT_TARGET_HMARK=m CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m CONFIG_NETFILTER_XT_TARGET_LED=m CONFIG_NETFILTER_XT_TARGET_LOG=m -CONFIG_NETFILTER_XT_TARGET_IMQ=m CONFIG_NETFILTER_XT_TARGET_MARK=m CONFIG_NETFILTER_XT_NAT=m CONFIG_NETFILTER_XT_TARGET_NETMAP=m @@ -1992,12 +1991,6 @@ CONFIG_NETCONSOLE=m CONFIG_NETCONSOLE_DYNAMIC=y CONFIG_NETPOLL=y CONFIG_NET_POLL_CONTROLLER=y -CONFIG_IMQ=m -# CONFIG_IMQ_BEHAVIOR_AA is not set -CONFIG_IMQ_BEHAVIOR_AB=y -# CONFIG_IMQ_BEHAVIOR_BA is not set -# CONFIG_IMQ_BEHAVIOR_BB is not set -CONFIG_IMQ_NUM_DEVS=2 CONFIG_TUN=m CONFIG_TAP=m # CONFIG_TUN_VNET_CROSS_LE is not set diff --git a/config/kernel/kernel.config.armv5tel-ipfire-kirkwood b/config/kernel/kernel.config.armv5tel-ipfire-kirkwood index b133a6d8c..b07ee985d 100644 --- a/config/kernel/kernel.config.armv5tel-ipfire-kirkwood +++ b/config/kernel/kernel.config.armv5tel-ipfire-kirkwood @@ -894,7 +894,6 @@ CONFIG_NETFILTER_XT_TARGET_HMARK=m CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m CONFIG_NETFILTER_XT_TARGET_LED=m CONFIG_NETFILTER_XT_TARGET_LOG=m -CONFIG_NETFILTER_XT_TARGET_IMQ=m CONFIG_NETFILTER_XT_TARGET_MARK=m CONFIG_NETFILTER_XT_NAT=m CONFIG_NETFILTER_XT_TARGET_NETMAP=m @@ -1955,12 +1954,6 @@ CONFIG_NETCONSOLE=m CONFIG_NETCONSOLE_DYNAMIC=y CONFIG_NETPOLL=y CONFIG_NET_POLL_CONTROLLER=y -CONFIG_IMQ=m -# CONFIG_IMQ_BEHAVIOR_AA is not set -CONFIG_IMQ_BEHAVIOR_AB=y -# CONFIG_IMQ_BEHAVIOR_BA is not set -# CONFIG_IMQ_BEHAVIOR_BB is not set -CONFIG_IMQ_NUM_DEVS=2 CONFIG_TUN=m CONFIG_TAP=m # CONFIG_TUN_VNET_CROSS_LE is not set diff --git a/config/kernel/kernel.config.armv5tel-ipfire-multi b/config/kernel/kernel.config.armv5tel-ipfire-multi index c7cc2ec25..5185e0e7e 100644 --- a/config/kernel/kernel.config.armv5tel-ipfire-multi +++ b/config/kernel/kernel.config.armv5tel-ipfire-multi @@ -1166,7 +1166,6 @@ CONFIG_NETFILTER_XT_TARGET_HMARK=m CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m CONFIG_NETFILTER_XT_TARGET_LED=m CONFIG_NETFILTER_XT_TARGET_LOG=m -CONFIG_NETFILTER_XT_TARGET_IMQ=m CONFIG_NETFILTER_XT_TARGET_MARK=m CONFIG_NETFILTER_XT_NAT=m CONFIG_NETFILTER_XT_TARGET_NETMAP=m @@ -2263,12 +2262,6 @@ CONFIG_NETCONSOLE=m CONFIG_NETCONSOLE_DYNAMIC=y CONFIG_NETPOLL=y CONFIG_NET_POLL_CONTROLLER=y -CONFIG_IMQ=m -# CONFIG_IMQ_BEHAVIOR_AA is not set -CONFIG_IMQ_BEHAVIOR_AB=y -# CONFIG_IMQ_BEHAVIOR_BA is not set -# CONFIG_IMQ_BEHAVIOR_BB is not set -CONFIG_IMQ_NUM_DEVS=2 CONFIG_TUN=m CONFIG_TAP=m # CONFIG_TUN_VNET_CROSS_LE is not set diff --git a/config/kernel/kernel.config.i586-ipfire b/config/kernel/kernel.config.i586-ipfire index e149ccdec..fd8b7a9fe 100644 --- a/config/kernel/kernel.config.i586-ipfire +++ b/config/kernel/kernel.config.i586-ipfire @@ -1102,7 +1102,6 @@ CONFIG_NETFILTER_XT_TARGET_HMARK=m CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m CONFIG_NETFILTER_XT_TARGET_LED=m CONFIG_NETFILTER_XT_TARGET_LOG=m -CONFIG_NETFILTER_XT_TARGET_IMQ=m CONFIG_NETFILTER_XT_TARGET_MARK=m CONFIG_NETFILTER_XT_NAT=m CONFIG_NETFILTER_XT_TARGET_NETMAP=m @@ -2171,12 +2170,6 @@ CONFIG_NETCONSOLE=m CONFIG_NETCONSOLE_DYNAMIC=y CONFIG_NETPOLL=y CONFIG_NET_POLL_CONTROLLER=y -CONFIG_IMQ=m -# CONFIG_IMQ_BEHAVIOR_AA is not set -CONFIG_IMQ_BEHAVIOR_AB=y -# CONFIG_IMQ_BEHAVIOR_BA is not set -# CONFIG_IMQ_BEHAVIOR_BB is not set -CONFIG_IMQ_NUM_DEVS=2 CONFIG_TUN=m CONFIG_TAP=m # CONFIG_TUN_VNET_CROSS_LE is not set diff --git a/config/kernel/kernel.config.i586-ipfire-pae b/config/kernel/kernel.config.i586-ipfire-pae index eb2e87453..49f9d7dad 100644 --- a/config/kernel/kernel.config.i586-ipfire-pae +++ b/config/kernel/kernel.config.i586-ipfire-pae @@ -1120,7 +1120,6 @@ CONFIG_NETFILTER_XT_TARGET_HMARK=m CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m CONFIG_NETFILTER_XT_TARGET_LED=m CONFIG_NETFILTER_XT_TARGET_LOG=m -CONFIG_NETFILTER_XT_TARGET_IMQ=m CONFIG_NETFILTER_XT_TARGET_MARK=m CONFIG_NETFILTER_XT_NAT=m CONFIG_NETFILTER_XT_TARGET_NETMAP=m @@ -2191,12 +2190,6 @@ CONFIG_NETCONSOLE=m CONFIG_NETCONSOLE_DYNAMIC=y CONFIG_NETPOLL=y CONFIG_NET_POLL_CONTROLLER=y -CONFIG_IMQ=m -# CONFIG_IMQ_BEHAVIOR_AA is not set -CONFIG_IMQ_BEHAVIOR_AB=y -# CONFIG_IMQ_BEHAVIOR_BA is not set -# CONFIG_IMQ_BEHAVIOR_BB is not set -CONFIG_IMQ_NUM_DEVS=2 CONFIG_TUN=m CONFIG_TAP=m # CONFIG_TUN_VNET_CROSS_LE is not set diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire index 618a52f5b..7f345d65c 100644 --- a/config/kernel/kernel.config.x86_64-ipfire +++ b/config/kernel/kernel.config.x86_64-ipfire @@ -1094,7 +1094,6 @@ CONFIG_NETFILTER_XT_TARGET_HMARK=m CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m CONFIG_NETFILTER_XT_TARGET_LED=m CONFIG_NETFILTER_XT_TARGET_LOG=m -CONFIG_NETFILTER_XT_TARGET_IMQ=m CONFIG_NETFILTER_XT_TARGET_MARK=m CONFIG_NETFILTER_XT_NAT=y CONFIG_NETFILTER_XT_TARGET_NETMAP=m @@ -2148,12 +2147,6 @@ CONFIG_NETCONSOLE=m CONFIG_NETCONSOLE_DYNAMIC=y CONFIG_NETPOLL=y CONFIG_NET_POLL_CONTROLLER=y -CONFIG_IMQ=m -# CONFIG_IMQ_BEHAVIOR_AA is not set -CONFIG_IMQ_BEHAVIOR_AB=y -# CONFIG_IMQ_BEHAVIOR_BA is not set -# CONFIG_IMQ_BEHAVIOR_BB is not set -CONFIG_IMQ_NUM_DEVS=2 CONFIG_TUN=m CONFIG_TAP=m # CONFIG_TUN_VNET_CROSS_LE is not set diff --git a/config/rootfiles/common/aarch64/linux b/config/rootfiles/common/aarch64/linux index 0451cadcd..d8e93542d 100644 --- a/config/rootfiles/common/aarch64/linux +++ b/config/rootfiles/common/aarch64/linux @@ -7648,12 +7648,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/illegal #lib/modules/KVER-ipfire/build/include/config/illegal/pointer #lib/modules/KVER-ipfire/build/include/config/illegal/pointer/value.h -#lib/modules/KVER-ipfire/build/include/config/imq -#lib/modules/KVER-ipfire/build/include/config/imq.h -#lib/modules/KVER-ipfire/build/include/config/imq/behavior -#lib/modules/KVER-ipfire/build/include/config/imq/behavior/ab.h -#lib/modules/KVER-ipfire/build/include/config/imq/num -#lib/modules/KVER-ipfire/build/include/config/imq/num/devs.h #lib/modules/KVER-ipfire/build/include/config/inet #lib/modules/KVER-ipfire/build/include/config/inet.h #lib/modules/KVER-ipfire/build/include/config/inet/ah.h @@ -8793,7 +8787,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/hl.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/hmark.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/idletimer.h -#lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/imq.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/led.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/log.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/mark.h @@ -12157,7 +12150,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/iio/triggered_event.h #lib/modules/KVER-ipfire/build/include/linux/iio/types.h #lib/modules/KVER-ipfire/build/include/linux/ima.h -#lib/modules/KVER-ipfire/build/include/linux/imq.h #lib/modules/KVER-ipfire/build/include/linux/imx-media.h #lib/modules/KVER-ipfire/build/include/linux/in.h #lib/modules/KVER-ipfire/build/include/linux/in6.h @@ -12770,7 +12762,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/netfilter/nfnetlink.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/nfnetlink_acct.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/x_tables.h -#lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_hashlimit.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_physdev.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_arp @@ -12784,11 +12775,9 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4 #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4/ip_tables.h -#lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4/ipt_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6 #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6/ip6_tables.h -#lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6/ip6t_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netlink.h #lib/modules/KVER-ipfire/build/include/linux/netpoll.h #lib/modules/KVER-ipfire/build/include/linux/nfs.h @@ -18482,7 +18471,6 @@ lib/modules/KVER-ipfire/kernel #lib/modules/KVER-ipfire/kernel/drivers/net/ethernet/wiznet/w5300.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/geneve.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ifb.ko.xz -#lib/modules/KVER-ipfire/kernel/drivers/net/imq.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan/ipvlan.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan/ipvtap.ko.xz @@ -19450,7 +19438,6 @@ lib/modules/KVER-ipfire/kernel #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_HL.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_HMARK.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_IDLETIMER.ko.xz -#lib/modules/KVER-ipfire/kernel/net/netfilter/xt_IMQ.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_LED.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_LOG.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_NETMAP.ko.xz diff --git a/config/rootfiles/common/armv5tel/linux-kirkwood b/config/rootfiles/common/armv5tel/linux-kirkwood index 78d0050de..2269896d8 100644 --- a/config/rootfiles/common/armv5tel/linux-kirkwood +++ b/config/rootfiles/common/armv5tel/linux-kirkwood @@ -7370,12 +7370,6 @@ boot/vmlinuz-KVER-ipfire-kirkwood #lib/modules/KVER-ipfire-kirkwood/build/include/config/iio/kfifo #lib/modules/KVER-ipfire-kirkwood/build/include/config/iio/kfifo/buf.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/iio/trigger.h -#lib/modules/KVER-ipfire-kirkwood/build/include/config/imq -#lib/modules/KVER-ipfire-kirkwood/build/include/config/imq.h -#lib/modules/KVER-ipfire-kirkwood/build/include/config/imq/behavior -#lib/modules/KVER-ipfire-kirkwood/build/include/config/imq/behavior/ab.h -#lib/modules/KVER-ipfire-kirkwood/build/include/config/imq/num -#lib/modules/KVER-ipfire-kirkwood/build/include/config/imq/num/devs.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/inet #lib/modules/KVER-ipfire-kirkwood/build/include/config/inet.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/inet/ah.h @@ -8455,7 +8449,6 @@ boot/vmlinuz-KVER-ipfire-kirkwood #lib/modules/KVER-ipfire-kirkwood/build/include/config/netfilter/xt/target/hl.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/netfilter/xt/target/hmark.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/netfilter/xt/target/idletimer.h -#lib/modules/KVER-ipfire-kirkwood/build/include/config/netfilter/xt/target/imq.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/netfilter/xt/target/led.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/netfilter/xt/target/log.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/netfilter/xt/target/mark.h @@ -11454,7 +11447,6 @@ boot/vmlinuz-KVER-ipfire-kirkwood #lib/modules/KVER-ipfire-kirkwood/build/include/linux/iio/triggered_event.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/iio/types.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/ima.h -#lib/modules/KVER-ipfire-kirkwood/build/include/linux/imq.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/imx-media.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/in.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/in6.h @@ -12067,7 +12059,6 @@ boot/vmlinuz-KVER-ipfire-kirkwood #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter/nfnetlink.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter/nfnetlink_acct.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter/x_tables.h -#lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter/xt_IMQ.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter/xt_hashlimit.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter/xt_physdev.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_arp @@ -12081,11 +12072,9 @@ boot/vmlinuz-KVER-ipfire-kirkwood #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv4 #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv4.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv4/ip_tables.h -#lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv4/ipt_IMQ.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv6 #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv6.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv6/ip6_tables.h -#lib/modules/KVER-ipfire-kirkwood/build/include/linux/netfilter_ipv6/ip6t_IMQ.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netlink.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/netpoll.h #lib/modules/KVER-ipfire-kirkwood/build/include/linux/nfs.h @@ -17461,7 +17450,6 @@ lib/modules/KVER-ipfire-kirkwood/kernel #lib/modules/KVER-ipfire-kirkwood/kernel/drivers/net/ethernet/rocker/rocker.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/drivers/net/geneve.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/drivers/net/ifb.ko.xz -#lib/modules/KVER-ipfire-kirkwood/kernel/drivers/net/imq.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/drivers/net/ipvlan #lib/modules/KVER-ipfire-kirkwood/kernel/drivers/net/ipvlan/ipvlan.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/drivers/net/ipvlan/ipvtap.ko.xz @@ -18392,7 +18380,6 @@ lib/modules/KVER-ipfire-kirkwood/kernel #lib/modules/KVER-ipfire-kirkwood/kernel/net/netfilter/xt_HL.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/net/netfilter/xt_HMARK.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/net/netfilter/xt_IDLETIMER.ko.xz -#lib/modules/KVER-ipfire-kirkwood/kernel/net/netfilter/xt_IMQ.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/net/netfilter/xt_LED.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/net/netfilter/xt_LOG.ko.xz #lib/modules/KVER-ipfire-kirkwood/kernel/net/netfilter/xt_NETMAP.ko.xz diff --git a/config/rootfiles/common/armv5tel/linux-multi b/config/rootfiles/common/armv5tel/linux-multi index 08a5f601c..1e7a090d9 100644 --- a/config/rootfiles/common/armv5tel/linux-multi +++ b/config/rootfiles/common/armv5tel/linux-multi @@ -8353,12 +8353,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire-multi/build/include/config/iio/kfifo #lib/modules/KVER-ipfire-multi/build/include/config/iio/kfifo/buf.h #lib/modules/KVER-ipfire-multi/build/include/config/iio/trigger.h -#lib/modules/KVER-ipfire-multi/build/include/config/imq -#lib/modules/KVER-ipfire-multi/build/include/config/imq.h -#lib/modules/KVER-ipfire-multi/build/include/config/imq/behavior -#lib/modules/KVER-ipfire-multi/build/include/config/imq/behavior/ab.h -#lib/modules/KVER-ipfire-multi/build/include/config/imq/num -#lib/modules/KVER-ipfire-multi/build/include/config/imq/num/devs.h #lib/modules/KVER-ipfire-multi/build/include/config/imx #lib/modules/KVER-ipfire-multi/build/include/config/imx/dma.h #lib/modules/KVER-ipfire-multi/build/include/config/imx/gpcv2.h @@ -9588,7 +9582,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire-multi/build/include/config/netfilter/xt/target/hl.h #lib/modules/KVER-ipfire-multi/build/include/config/netfilter/xt/target/hmark.h #lib/modules/KVER-ipfire-multi/build/include/config/netfilter/xt/target/idletimer.h -#lib/modules/KVER-ipfire-multi/build/include/config/netfilter/xt/target/imq.h #lib/modules/KVER-ipfire-multi/build/include/config/netfilter/xt/target/led.h #lib/modules/KVER-ipfire-multi/build/include/config/netfilter/xt/target/log.h #lib/modules/KVER-ipfire-multi/build/include/config/netfilter/xt/target/mark.h @@ -13192,7 +13185,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire-multi/build/include/linux/iio/triggered_event.h #lib/modules/KVER-ipfire-multi/build/include/linux/iio/types.h #lib/modules/KVER-ipfire-multi/build/include/linux/ima.h -#lib/modules/KVER-ipfire-multi/build/include/linux/imq.h #lib/modules/KVER-ipfire-multi/build/include/linux/imx-media.h #lib/modules/KVER-ipfire-multi/build/include/linux/in.h #lib/modules/KVER-ipfire-multi/build/include/linux/in6.h @@ -13805,7 +13797,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter/nfnetlink.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter/nfnetlink_acct.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter/x_tables.h -#lib/modules/KVER-ipfire-multi/build/include/linux/netfilter/xt_IMQ.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter/xt_hashlimit.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter/xt_physdev.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_arp @@ -13819,11 +13810,9 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv4 #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv4.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv4/ip_tables.h -#lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv4/ipt_IMQ.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv6 #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv6.h #lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv6/ip6_tables.h -#lib/modules/KVER-ipfire-multi/build/include/linux/netfilter_ipv6/ip6t_IMQ.h #lib/modules/KVER-ipfire-multi/build/include/linux/netlink.h #lib/modules/KVER-ipfire-multi/build/include/linux/netpoll.h #lib/modules/KVER-ipfire-multi/build/include/linux/nfs.h @@ -19598,7 +19587,6 @@ lib/modules/KVER-ipfire-multi/kernel #lib/modules/KVER-ipfire-multi/kernel/drivers/net/ethernet/wiznet/w5300.ko.xz #lib/modules/KVER-ipfire-multi/kernel/drivers/net/geneve.ko.xz #lib/modules/KVER-ipfire-multi/kernel/drivers/net/ifb.ko.xz -#lib/modules/KVER-ipfire-multi/kernel/drivers/net/imq.ko.xz #lib/modules/KVER-ipfire-multi/kernel/drivers/net/ipvlan #lib/modules/KVER-ipfire-multi/kernel/drivers/net/ipvlan/ipvlan.ko.xz #lib/modules/KVER-ipfire-multi/kernel/drivers/net/ipvlan/ipvtap.ko.xz @@ -20588,7 +20576,6 @@ lib/modules/KVER-ipfire-multi/kernel #lib/modules/KVER-ipfire-multi/kernel/net/netfilter/xt_HL.ko.xz #lib/modules/KVER-ipfire-multi/kernel/net/netfilter/xt_HMARK.ko.xz #lib/modules/KVER-ipfire-multi/kernel/net/netfilter/xt_IDLETIMER.ko.xz -#lib/modules/KVER-ipfire-multi/kernel/net/netfilter/xt_IMQ.ko.xz #lib/modules/KVER-ipfire-multi/kernel/net/netfilter/xt_LED.ko.xz #lib/modules/KVER-ipfire-multi/kernel/net/netfilter/xt_LOG.ko.xz #lib/modules/KVER-ipfire-multi/kernel/net/netfilter/xt_NETMAP.ko.xz diff --git a/config/rootfiles/common/i586/linux b/config/rootfiles/common/i586/linux index 1a1ca83a7..1fe01233f 100644 --- a/config/rootfiles/common/i586/linux +++ b/config/rootfiles/common/i586/linux @@ -8187,12 +8187,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/illegal #lib/modules/KVER-ipfire/build/include/config/illegal/pointer #lib/modules/KVER-ipfire/build/include/config/illegal/pointer/value.h -#lib/modules/KVER-ipfire/build/include/config/imq -#lib/modules/KVER-ipfire/build/include/config/imq.h -#lib/modules/KVER-ipfire/build/include/config/imq/behavior -#lib/modules/KVER-ipfire/build/include/config/imq/behavior/ab.h -#lib/modules/KVER-ipfire/build/include/config/imq/num -#lib/modules/KVER-ipfire/build/include/config/imq/num/devs.h #lib/modules/KVER-ipfire/build/include/config/inet #lib/modules/KVER-ipfire/build/include/config/inet.h #lib/modules/KVER-ipfire/build/include/config/inet/ah.h @@ -9472,7 +9466,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/hl.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/hmark.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/idletimer.h -#lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/imq.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/led.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/log.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/mark.h @@ -13456,7 +13449,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/iio/triggered_event.h #lib/modules/KVER-ipfire/build/include/linux/iio/types.h #lib/modules/KVER-ipfire/build/include/linux/ima.h -#lib/modules/KVER-ipfire/build/include/linux/imq.h #lib/modules/KVER-ipfire/build/include/linux/imx-media.h #lib/modules/KVER-ipfire/build/include/linux/in.h #lib/modules/KVER-ipfire/build/include/linux/in6.h @@ -14069,7 +14061,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/netfilter/nfnetlink.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/nfnetlink_acct.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/x_tables.h -#lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_hashlimit.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_physdev.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_arp @@ -14083,11 +14074,9 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4 #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4/ip_tables.h -#lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4/ipt_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6 #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6/ip6_tables.h -#lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6/ip6t_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netlink.h #lib/modules/KVER-ipfire/build/include/linux/netpoll.h #lib/modules/KVER-ipfire/build/include/linux/nfs.h @@ -20196,7 +20185,6 @@ lib/modules/KVER-ipfire/kernel #lib/modules/KVER-ipfire/kernel/drivers/net/hyperv #lib/modules/KVER-ipfire/kernel/drivers/net/hyperv/hv_netvsc.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ifb.ko.xz -#lib/modules/KVER-ipfire/kernel/drivers/net/imq.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan/ipvlan.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan/ipvtap.ko.xz @@ -21531,7 +21519,6 @@ lib/modules/KVER-ipfire/kernel #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_HL.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_HMARK.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_IDLETIMER.ko.xz -#lib/modules/KVER-ipfire/kernel/net/netfilter/xt_IMQ.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_LED.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_LOG.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_NETMAP.ko.xz diff --git a/config/rootfiles/common/iptables b/config/rootfiles/common/iptables index 389518646..0f8f1cf8c 100644 --- a/config/rootfiles/common/iptables +++ b/config/rootfiles/common/iptables @@ -64,7 +64,6 @@ lib/xtables/libxt_CT.so lib/xtables/libxt_DSCP.so lib/xtables/libxt_HMARK.so lib/xtables/libxt_IDLETIMER.so -lib/xtables/libxt_IMQ.so lib/xtables/libxt_LED.so lib/xtables/libxt_MARK.so lib/xtables/libxt_NFLOG.so diff --git a/config/rootfiles/common/x86_64/linux b/config/rootfiles/common/x86_64/linux index 755d7627a..68f907faa 100644 --- a/config/rootfiles/common/x86_64/linux +++ b/config/rootfiles/common/x86_64/linux @@ -8265,12 +8265,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/illegal #lib/modules/KVER-ipfire/build/include/config/illegal/pointer #lib/modules/KVER-ipfire/build/include/config/illegal/pointer/value.h -#lib/modules/KVER-ipfire/build/include/config/imq -#lib/modules/KVER-ipfire/build/include/config/imq.h -#lib/modules/KVER-ipfire/build/include/config/imq/behavior -#lib/modules/KVER-ipfire/build/include/config/imq/behavior/ab.h -#lib/modules/KVER-ipfire/build/include/config/imq/num -#lib/modules/KVER-ipfire/build/include/config/imq/num/devs.h #lib/modules/KVER-ipfire/build/include/config/inet #lib/modules/KVER-ipfire/build/include/config/inet.h #lib/modules/KVER-ipfire/build/include/config/inet/ah.h @@ -9529,7 +9523,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/hl.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/hmark.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/idletimer.h -#lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/imq.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/led.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/log.h #lib/modules/KVER-ipfire/build/include/config/netfilter/xt/target/mark.h @@ -13471,7 +13464,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/iio/triggered_event.h #lib/modules/KVER-ipfire/build/include/linux/iio/types.h #lib/modules/KVER-ipfire/build/include/linux/ima.h -#lib/modules/KVER-ipfire/build/include/linux/imq.h #lib/modules/KVER-ipfire/build/include/linux/imx-media.h #lib/modules/KVER-ipfire/build/include/linux/in.h #lib/modules/KVER-ipfire/build/include/linux/in6.h @@ -14084,7 +14076,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/netfilter/nfnetlink.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/nfnetlink_acct.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/x_tables.h -#lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_hashlimit.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/xt_physdev.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_arp @@ -14098,11 +14089,9 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4 #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4/ip_tables.h -#lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv4/ipt_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6 #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6.h #lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6/ip6_tables.h -#lib/modules/KVER-ipfire/build/include/linux/netfilter_ipv6/ip6t_IMQ.h #lib/modules/KVER-ipfire/build/include/linux/netlink.h #lib/modules/KVER-ipfire/build/include/linux/netpoll.h #lib/modules/KVER-ipfire/build/include/linux/nfs.h @@ -20209,7 +20198,6 @@ lib/modules/KVER-ipfire/kernel #lib/modules/KVER-ipfire/kernel/drivers/net/hyperv #lib/modules/KVER-ipfire/kernel/drivers/net/hyperv/hv_netvsc.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ifb.ko.xz -#lib/modules/KVER-ipfire/kernel/drivers/net/imq.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan/ipvlan.ko.xz #lib/modules/KVER-ipfire/kernel/drivers/net/ipvlan/ipvtap.ko.xz @@ -21522,7 +21510,6 @@ lib/modules/KVER-ipfire/kernel #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_HL.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_HMARK.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_IDLETIMER.ko.xz -#lib/modules/KVER-ipfire/kernel/net/netfilter/xt_IMQ.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_LED.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_LOG.ko.xz #lib/modules/KVER-ipfire/kernel/net/netfilter/xt_NETMAP.ko.xz diff --git a/config/rootfiles/packages/linux-pae b/config/rootfiles/packages/linux-pae index 590595828..f3966ce75 100644 --- a/config/rootfiles/packages/linux-pae +++ b/config/rootfiles/packages/linux-pae @@ -8189,12 +8189,6 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/config/illegal #lib/modules/KVER-ipfire-pae/build/include/config/illegal/pointer #lib/modules/KVER-ipfire-pae/build/include/config/illegal/pointer/value.h -#lib/modules/KVER-ipfire-pae/build/include/config/imq -#lib/modules/KVER-ipfire-pae/build/include/config/imq.h -#lib/modules/KVER-ipfire-pae/build/include/config/imq/behavior -#lib/modules/KVER-ipfire-pae/build/include/config/imq/behavior/ab.h -#lib/modules/KVER-ipfire-pae/build/include/config/imq/num -#lib/modules/KVER-ipfire-pae/build/include/config/imq/num/devs.h #lib/modules/KVER-ipfire-pae/build/include/config/inet #lib/modules/KVER-ipfire-pae/build/include/config/inet.h #lib/modules/KVER-ipfire-pae/build/include/config/inet/ah.h @@ -9474,7 +9468,6 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/config/netfilter/xt/target/hl.h #lib/modules/KVER-ipfire-pae/build/include/config/netfilter/xt/target/hmark.h #lib/modules/KVER-ipfire-pae/build/include/config/netfilter/xt/target/idletimer.h -#lib/modules/KVER-ipfire-pae/build/include/config/netfilter/xt/target/imq.h #lib/modules/KVER-ipfire-pae/build/include/config/netfilter/xt/target/led.h #lib/modules/KVER-ipfire-pae/build/include/config/netfilter/xt/target/log.h #lib/modules/KVER-ipfire-pae/build/include/config/netfilter/xt/target/mark.h @@ -13526,7 +13519,6 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/linux/iio/triggered_event.h #lib/modules/KVER-ipfire-pae/build/include/linux/iio/types.h #lib/modules/KVER-ipfire-pae/build/include/linux/ima.h -#lib/modules/KVER-ipfire-pae/build/include/linux/imq.h #lib/modules/KVER-ipfire-pae/build/include/linux/imx-media.h #lib/modules/KVER-ipfire-pae/build/include/linux/in.h #lib/modules/KVER-ipfire-pae/build/include/linux/in6.h @@ -14139,7 +14131,6 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter/nfnetlink.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter/nfnetlink_acct.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter/x_tables.h -#lib/modules/KVER-ipfire-pae/build/include/linux/netfilter/xt_IMQ.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter/xt_hashlimit.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter/xt_physdev.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_arp @@ -14153,11 +14144,9 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv4 #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv4.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv4/ip_tables.h -#lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv4/ipt_IMQ.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv6 #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv6.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv6/ip6_tables.h -#lib/modules/KVER-ipfire-pae/build/include/linux/netfilter_ipv6/ip6t_IMQ.h #lib/modules/KVER-ipfire-pae/build/include/linux/netlink.h #lib/modules/KVER-ipfire-pae/build/include/linux/netpoll.h #lib/modules/KVER-ipfire-pae/build/include/linux/nfs.h @@ -20267,7 +20256,6 @@ lib/modules/KVER-ipfire-pae/kernel #lib/modules/KVER-ipfire-pae/kernel/drivers/net/hyperv #lib/modules/KVER-ipfire-pae/kernel/drivers/net/hyperv/hv_netvsc.ko.xz #lib/modules/KVER-ipfire-pae/kernel/drivers/net/ifb.ko.xz -#lib/modules/KVER-ipfire-pae/kernel/drivers/net/imq.ko.xz #lib/modules/KVER-ipfire-pae/kernel/drivers/net/ipvlan #lib/modules/KVER-ipfire-pae/kernel/drivers/net/ipvlan/ipvlan.ko.xz #lib/modules/KVER-ipfire-pae/kernel/drivers/net/ipvlan/ipvtap.ko.xz @@ -21618,7 +21606,6 @@ lib/modules/KVER-ipfire-pae/kernel #lib/modules/KVER-ipfire-pae/kernel/net/netfilter/xt_HL.ko.xz #lib/modules/KVER-ipfire-pae/kernel/net/netfilter/xt_HMARK.ko.xz #lib/modules/KVER-ipfire-pae/kernel/net/netfilter/xt_IDLETIMER.ko.xz -#lib/modules/KVER-ipfire-pae/kernel/net/netfilter/xt_IMQ.ko.xz #lib/modules/KVER-ipfire-pae/kernel/net/netfilter/xt_LED.ko.xz #lib/modules/KVER-ipfire-pae/kernel/net/netfilter/xt_LOG.ko.xz #lib/modules/KVER-ipfire-pae/kernel/net/netfilter/xt_NETMAP.ko.xz diff --git a/lfs/iptables b/lfs/iptables index b91e41797..e2012ecb6 100644 --- a/lfs/iptables +++ b/lfs/iptables @@ -79,9 +79,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && cp -vf $(DIR_SRC)/netfilter-layer7-v2.23/iptables-1.4.3forward-for-kernel-2.6.20forward/* \ ./extensions/

- # imq - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/iptables-1.4.12-IMQ-test4.diff - cd $(DIR_APP) && ./configure \ --prefix=/usr \ --libdir=/lib \ diff --git a/lfs/linux b/lfs/linux index dbf9fe194..677e9afed 100644 --- a/lfs/linux +++ b/lfs/linux @@ -118,9 +118,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))

ln -svf linux-$(VER) $(DIR_SRC)/linux

- # Linux Intermediate Queueing Device - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.14-imq.diff - # Layer7-patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.14-layer7.patch

diff --git a/src/patches/iptables-1.4.12-IMQ-test4.diff b/src/patches/iptables-1.4.12-IMQ-test4.diff deleted file mode 100644 index 5ce17e1b4..000000000 --- a/src/patches/iptables-1.4.12-IMQ-test4.diff +++ /dev/null @@ -1,141 +0,0 @@ -diff -Naur iptables-1.4.12.1/extensions/libxt_IMQ.c iptables-1.4.12.1-imq/extensions/libxt_IMQ.c ---- iptables-1.4.12.1/extensions/libxt_IMQ.c 1970-01-01 02:00:00.000000000 +0200 -+++ iptables-1.4.12.1-imq/extensions/libxt_IMQ.c 2011-09-30 13:53:21.000000000 +0300 -@@ -0,0 +1,105 @@ -+/* Shared library add-on to iptables to add IMQ target support. */ -+#include <stdio.h> -+#include <string.h> -+#include <stdlib.h> -+#include <getopt.h> -+ -+#include <xtables.h> -+#include <linux/netfilter/x_tables.h> -+#include <linux/netfilter/xt_IMQ.h> -+ -+/* Function which prints out usage message. */ -+static void IMQ_help(void) -+{ -+ printf( -+"IMQ target options:\n" -+" --todev <N> enqueue to imq<N>, defaults to 0\n"); -+ -+} -+ -+static struct option IMQ_opts[] = { -+ { "todev", 1, 0, '1' }, -+ { 0 } -+}; -+ -+/* Initialize the target. */ -+static void IMQ_init(struct xt_entry_target *t) -+{ -+ struct xt_imq_info *mr = (struct xt_imq_info*)t->data; -+ -+ mr->todev = 0; -+} -+ -+/* Function which parses command options; returns true if it -+ ate an option */ -+static int IMQ_parse(int c, char **argv, int invert, unsigned int *flags, -+ const void *entry, struct xt_entry_target **target) -+{ -+ struct xt_imq_info *mr = (struct xt_imq_info*)(*target)->data; -+ -+ switch(c) { -+ case '1': -+/* if (xtables_check_inverse(optarg, &invert, NULL, 0, argv)) -+ xtables_error(PARAMETER_PROBLEM, -+ "Unexpected `!' after --todev"); -+*/ -+ mr->todev=atoi(optarg); -+ break; -+ -+ default: -+ return 0; -+ } -+ return 1; -+} -+ -+/* Prints out the targinfo. */ -+static void IMQ_print(const void *ip, -+ const struct xt_entry_target *target, -+ int numeric) -+{ -+ struct xt_imq_info *mr = (struct xt_imq_info*)target->data; -+ -+ printf("IMQ: todev %u ", mr->todev); -+} -+ -+/* Saves the union ipt_targinfo in parsable form to stdout. */ -+static void IMQ_save(const void *ip, const struct xt_entry_target *target) -+{ -+ struct xt_imq_info *mr = (struct xt_imq_info*)target->data; -+ -+ printf(" --todev %u", mr->todev); -+} -+ -+static struct xtables_target imq_target = { -+ .name = "IMQ", -+ .version = XTABLES_VERSION, -+ .family = NFPROTO_IPV4, -+ .size = XT_ALIGN(sizeof(struct xt_imq_info)), -+ .userspacesize = XT_ALIGN(sizeof(struct xt_imq_info)), -+ .help = IMQ_help, -+ .init = IMQ_init, -+ .parse = IMQ_parse, -+ .print = IMQ_print, -+ .save = IMQ_save, -+ .extra_opts = IMQ_opts, -+}; -+ -+static struct xtables_target imq_target6 = { -+ .name = "IMQ", -+ .version = XTABLES_VERSION, -+ .family = NFPROTO_IPV6, -+ .size = XT_ALIGN(sizeof(struct xt_imq_info)), -+ .userspacesize = XT_ALIGN(sizeof(struct xt_imq_info)), -+ .help = IMQ_help, -+ .init = IMQ_init, -+ .parse = IMQ_parse, -+ .print = IMQ_print, -+ .save = IMQ_save, -+ .extra_opts = IMQ_opts, -+}; -+ -+// void __attribute((constructor)) nf_ext_init(void){ -+void _init(void){ -+ xtables_register_target(&imq_target); -+ xtables_register_target(&imq_target6); -+} -diff -Naur iptables-1.4.12.1/extensions/libxt_IMQ.man iptables-1.4.12.1-imq/extensions/libxt_IMQ.man ---- iptables-1.4.12.1/extensions/libxt_IMQ.man 1970-01-01 02:00:00.000000000 +0200 -+++ iptables-1.4.12.1-imq/extensions/libxt_IMQ.man 2011-09-30 13:53:21.000000000 +0300 -@@ -0,0 +1,15 @@ -+This target is used to redirect the traffic to the IMQ driver and you can apply -+QoS rules like HTB or CBQ. -+For example you can select only traffic comming from a specific interface or -+is going out on a specific interface. -+Also it permits to capture the traffic BEFORE NAT in the case of outgoing traffic -+or AFTER NAT in the case of incomming traffic. -+.TP -+\fB--to-dev\fP \fIvalue\fP -+Set the IMQ interface where to send this traffic -+.TP -+Example: -+.TP -+Redirect incomming traffic from interface eth0 to imq0 and outgoing traffic to imq1: -+iptables -t mangle -A FORWARD -i eth0 -j IMQ --to-dev 0 -+iptables -t mangle -A FORWARD -o eth0 -j IMQ --to-dev 1 -diff -Naur iptables-1.4.12.1/include/linux/netfilter/xt_IMQ.h iptables-1.4.12.1-imq/include/linux/netfilter/xt_IMQ.h ---- iptables-1.4.12.1/include/linux/netfilter/xt_IMQ.h 1970-01-01 02:00:00.000000000 +0200 -+++ iptables-1.4.12.1-imq/include/linux/netfilter/xt_IMQ.h 2011-09-30 13:53:21.000000000 +0300 -@@ -0,0 +1,9 @@ -+#ifndef _XT_IMQ_H -+#define _XT_IMQ_H -+ -+struct xt_imq_info { -+ unsigned int todev; /* target imq device */ -+}; -+ -+#endif /* _XT_IMQ_H */ -+ diff --git a/src/patches/linux/linux-4.14-imq.diff b/src/patches/linux/linux-4.14-imq.diff deleted file mode 100644 index 0281bf6e4..000000000 --- a/src/patches/linux/linux-4.14-imq.diff +++ /dev/null @@ -1,1759 +0,0 @@ -diff -Naupr linux-4.14_orig/drivers/net/imq.c linux-4.14/drivers/net/imq.c ---- linux-4.14_orig/drivers/net/imq.c 1970-01-01 07:00:00.000000000 +0700 -+++ linux-4.14/drivers/net/imq.c 2017-11-13 11:46:45.844089945 +0700 -@@ -0,0 +1,962 @@ -+/* -+ * Pseudo-driver for the intermediate queue device. -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License -+ * as published by the Free Software Foundation; either version -+ * 2 of the License, or (at your option) any later version. -+ * -+ * Authors: Patrick McHardy, kaber@trash.net -+ * -+ * The first version was written by Martin Devera, devik@cdi.cz -+ * -+ * See Credits.txt -+ */ -+ -+#include <linux/module.h> -+#include <linux/kernel.h> -+#include <linux/moduleparam.h> -+#include <linux/list.h> -+#include <linux/skbuff.h> -+#include <linux/netdevice.h> -+#include <linux/etherdevice.h> -+#include <linux/rtnetlink.h> -+#include <linux/if_arp.h> -+#include <linux/netfilter.h> -+#include <linux/netfilter_ipv4.h> -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+#include <linux/netfilter_ipv6.h> -+#endif -+#include <linux/imq.h> -+#include <net/pkt_sched.h> -+#include <net/netfilter/nf_queue.h> -+#include <net/sock.h> -+#include <linux/ip.h> -+#include <linux/ipv6.h> -+#include <linux/if_vlan.h> -+#include <linux/if_pppox.h> -+#include <net/ip.h> -+#include <net/ipv6.h> -+ -+static int imq_nf_queue(struct nf_queue_entry *entry, unsigned queue_num); -+ -+static nf_hookfn imq_nf_hook; -+ -+static struct nf_hook_ops imq_ops[] = { -+ { -+ /* imq_ingress_ipv4 */ -+ .hook = imq_nf_hook, -+ .pf = PF_INET, -+ .hooknum = NF_INET_PRE_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ .priority = NF_IP_PRI_MANGLE + 1, -+#else -+ .priority = NF_IP_PRI_NAT_DST + 1, -+#endif -+ }, -+ { -+ /* imq_egress_ipv4 */ -+ .hook = imq_nf_hook, -+ .pf = PF_INET, -+ .hooknum = NF_INET_POST_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) -+ .priority = NF_IP_PRI_LAST, -+#else -+ .priority = NF_IP_PRI_NAT_SRC - 1, -+#endif -+ }, -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ { -+ /* imq_ingress_ipv6 */ -+ .hook = imq_nf_hook, -+ .pf = PF_INET6, -+ .hooknum = NF_INET_PRE_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ .priority = NF_IP6_PRI_MANGLE + 1, -+#else -+ .priority = NF_IP6_PRI_NAT_DST + 1, -+#endif -+ }, -+ { -+ /* imq_egress_ipv6 */ -+ .hook = imq_nf_hook, -+ .pf = PF_INET6, -+ .hooknum = NF_INET_POST_ROUTING, -+#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) -+ .priority = NF_IP6_PRI_LAST, -+#else -+ .priority = NF_IP6_PRI_NAT_SRC - 1, -+#endif -+ }, -+#endif -+}; -+ -+#if defined(CONFIG_IMQ_NUM_DEVS) -+static int numdevs = CONFIG_IMQ_NUM_DEVS; -+#else -+static int numdevs = IMQ_MAX_DEVS; -+#endif -+ -+static struct net_device *imq_devs_cache[IMQ_MAX_DEVS]; -+ -+#define IMQ_MAX_QUEUES 32 -+static int numqueues = 1; -+static u32 imq_hashrnd; -+static int imq_dev_accurate_stats = 1; -+ -+static inline __be16 pppoe_proto(const struct sk_buff *skb) -+{ -+ return *((__be16 *)(skb_mac_header(skb) + ETH_HLEN + -+ sizeof(struct pppoe_hdr))); -+} -+ -+static u16 imq_hash(struct net_device *dev, struct sk_buff *skb) -+{ -+ unsigned int pull_len; -+ u16 protocol = skb->protocol; -+ u32 addr1, addr2; -+ u32 hash, ihl = 0; -+ union { -+ u16 in16[2]; -+ u32 in32; -+ } ports; -+ u8 ip_proto; -+ -+ pull_len = 0; -+ -+recheck: -+ switch (protocol) { -+ case htons(ETH_P_8021Q): { -+ if (unlikely(skb_pull(skb, VLAN_HLEN) == NULL)) -+ goto other; -+ -+ pull_len += VLAN_HLEN; -+ skb->network_header += VLAN_HLEN; -+ -+ protocol = vlan_eth_hdr(skb)->h_vlan_encapsulated_proto; -+ goto recheck; -+ } -+ -+ case htons(ETH_P_PPP_SES): { -+ if (unlikely(skb_pull(skb, PPPOE_SES_HLEN) == NULL)) -+ goto other; -+ -+ pull_len += PPPOE_SES_HLEN; -+ skb->network_header += PPPOE_SES_HLEN; -+ -+ protocol = pppoe_proto(skb); -+ goto recheck; -+ } -+ -+ case htons(ETH_P_IP): { -+ const struct iphdr *iph = ip_hdr(skb); -+ -+ if (unlikely(!pskb_may_pull(skb, sizeof(struct iphdr)))) -+ goto other; -+ -+ addr1 = iph->daddr; -+ addr2 = iph->saddr; -+ -+ ip_proto = !(ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) ? -+ iph->protocol : 0; -+ ihl = ip_hdrlen(skb); -+ -+ break; -+ } -+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -+ case htons(ETH_P_IPV6): { -+ const struct ipv6hdr *iph = ipv6_hdr(skb); -+ __be16 fo = 0; -+ -+ if (unlikely(!pskb_may_pull(skb, sizeof(struct ipv6hdr)))) -+ goto other; -+ -+ addr1 = iph->daddr.s6_addr32[3]; -+ addr2 = iph->saddr.s6_addr32[3]; -+ ihl = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &ip_proto, -+ &fo); -+ if (unlikely(ihl < 0)) -+ goto other; -+ -+ break; -+ } -+#endif -+ default: -+other: -+ if (pull_len != 0) { -+ skb_push(skb, pull_len); -+ skb->network_header -= pull_len; -+ } -+ -+ return (u16)(ntohs(protocol) % dev->real_num_tx_queues); -+ } -+ -+ if (addr1 > addr2) -+ swap(addr1, addr2); -+ -+ switch (ip_proto) { -+ case IPPROTO_TCP: -+ case IPPROTO_UDP: -+ case IPPROTO_DCCP: -+ case IPPROTO_ESP: -+ case IPPROTO_AH: -+ case IPPROTO_SCTP: -+ case IPPROTO_UDPLITE: { -+ if (likely(skb_copy_bits(skb, ihl, &ports.in32, 4) >= 0)) { -+ if (ports.in16[0] > ports.in16[1]) -+ swap(ports.in16[0], ports.in16[1]); -+ break; -+ } -+ /* fall-through */ -+ } -+ default: -+ ports.in32 = 0; -+ break; -+ } -+ -+ if (pull_len != 0) { -+ skb_push(skb, pull_len); -+ skb->network_header -= pull_len; -+ } -+ -+ hash = jhash_3words(addr1, addr2, ports.in32, imq_hashrnd ^ ip_proto); -+ -+ return (u16)(((u64)hash * dev->real_num_tx_queues) >> 32); -+} -+ -+static inline bool sk_tx_queue_recorded(struct sock *sk) -+{ -+ return (sk_tx_queue_get(sk) >= 0); -+} -+ -+static struct netdev_queue *imq_select_queue(struct net_device *dev, -+ struct sk_buff *skb) -+{ -+ u16 queue_index = 0; -+ u32 hash; -+ -+ if (likely(dev->real_num_tx_queues == 1)) -+ goto out; -+ -+ /* IMQ can be receiving ingress or engress packets. */ -+ -+ /* Check first for if rx_queue is set */ -+ if (skb_rx_queue_recorded(skb)) { -+ queue_index = skb_get_rx_queue(skb); -+ goto out; -+ } -+ -+ /* Check if socket has tx_queue set */ -+ if (sk_tx_queue_recorded(skb->sk)) { -+ queue_index = sk_tx_queue_get(skb->sk); -+ goto out; -+ } -+ -+ /* Try use socket hash */ -+ if (skb->sk && skb->sk->sk_hash) { -+ hash = skb->sk->sk_hash; -+ queue_index = -+ (u16)(((u64)hash * dev->real_num_tx_queues) >> 32); -+ goto out; -+ } -+ -+ /* Generate hash from packet data */ -+ queue_index = imq_hash(dev, skb); -+ -+out: -+ if (unlikely(queue_index >= dev->real_num_tx_queues)) -+ queue_index = (u16)((u32)queue_index % dev->real_num_tx_queues); -+ -+ skb_set_queue_mapping(skb, queue_index); -+ return netdev_get_tx_queue(dev, queue_index); -+} -+ -+static struct net_device_stats *imq_get_stats(struct net_device *dev) -+{ -+ return &dev->stats; -+} -+ -+/* called for packets kfree'd in qdiscs at places other than enqueue */ -+static void imq_skb_destructor(struct sk_buff *skb) -+{ -+ struct nf_queue_entry *entry = skb->nf_queue_entry; -+ -+ skb->nf_queue_entry = NULL; -+ -+ if (entry) { -+ nf_queue_entry_release_refs(entry); -+ kfree(entry); -+ } -+ -+ skb_restore_cb(skb); /* kfree backup */ -+} -+ -+static void imq_done_check_queue_mapping(struct sk_buff *skb, -+ struct net_device *dev) -+{ -+ unsigned int queue_index; -+ -+ /* Don't let queue_mapping be left too large after exiting IMQ */ -+ if (likely(skb->dev != dev && skb->dev != NULL)) { -+ queue_index = skb_get_queue_mapping(skb); -+ if (unlikely(queue_index >= skb->dev->real_num_tx_queues)) { -+ queue_index = (u16)((u32)queue_index % -+ skb->dev->real_num_tx_queues); -+ skb_set_queue_mapping(skb, queue_index); -+ } -+ } else { -+ /* skb->dev was IMQ device itself or NULL, be on safe side and -+ * just clear queue mapping. -+ */ -+ skb_set_queue_mapping(skb, 0); -+ } -+} -+ -+static netdev_tx_t imq_dev_xmit(struct sk_buff *skb, struct net_device *dev) -+{ -+ struct nf_queue_entry *entry = skb->nf_queue_entry; -+ -+ rcu_read_lock(); -+ -+ skb->nf_queue_entry = NULL; -+ netif_trans_update(dev); -+ -+ dev->stats.tx_bytes += skb->len; -+ dev->stats.tx_packets++; -+ -+ if (unlikely(entry == NULL)) { -+ /* We don't know what is going on here.. packet is queued for -+ * imq device, but (probably) not by us. -+ * -+ * If this packet was not send here by imq_nf_queue(), then -+ * skb_save_cb() was not used and skb_free() should not show: -+ * WARNING: IMQ: kfree_skb: skb->cb_next:.. -+ * and/or -+ * WARNING: IMQ: kfree_skb: skb->nf_queue_entry... -+ * -+ * However if this message is shown, then IMQ is somehow broken -+ * and you should report this to linuximq.net. -+ */ -+ -+ /* imq_dev_xmit is black hole that eats all packets, report that -+ * we eat this packet happily and increase dropped counters. -+ */ -+ -+ dev->stats.tx_dropped++; -+ dev_kfree_skb(skb); -+ -+ rcu_read_unlock(); -+ return NETDEV_TX_OK; -+ } -+ -+ skb_restore_cb(skb); /* restore skb->cb */ -+ -+ skb->imq_flags = 0; -+ skb->destructor = NULL; -+ -+ imq_done_check_queue_mapping(skb, dev); -+ -+ nf_reinject(entry, NF_ACCEPT); -+ -+ rcu_read_unlock(); -+ return NETDEV_TX_OK; -+} -+ -+static struct net_device *get_imq_device_by_index(int index) -+{ -+ struct net_device *dev = NULL; -+ struct net *net; -+ char buf[8]; -+ -+ /* get device by name and cache result */ -+ snprintf(buf, sizeof(buf), "imq%d", index); -+ -+ /* Search device from all namespaces. */ -+ for_each_net(net) { -+ dev = dev_get_by_name(net, buf); -+ if (dev) -+ break; -+ } -+ -+ if (WARN_ON_ONCE(dev == NULL)) { -+ /* IMQ device not found. Exotic config? */ -+ return ERR_PTR(-ENODEV); -+ } -+ -+ imq_devs_cache[index] = dev; -+ dev_put(dev); -+ -+ return dev; -+} -+ -+static struct nf_queue_entry *nf_queue_entry_dup(struct nf_queue_entry *e) -+{ -+ struct nf_queue_entry *entry = kmemdup(e, e->size, GFP_ATOMIC); -+ if (entry) { -+ nf_queue_entry_get_refs(entry); -+ return entry; -+ } -+ return NULL; -+} -+ -+#ifdef CONFIG_BRIDGE_NETFILTER -+/* When called from bridge netfilter, skb->data must point to MAC header -+ * before calling skb_gso_segment(). Else, original MAC header is lost -+ * and segmented skbs will be sent to wrong destination. -+ */ -+static void nf_bridge_adjust_skb_data(struct sk_buff *skb) -+{ -+ if (skb->nf_bridge) -+ __skb_push(skb, skb->network_header - skb->mac_header); -+} -+ -+static void nf_bridge_adjust_segmented_data(struct sk_buff *skb) -+{ -+ if (skb->nf_bridge) -+ __skb_pull(skb, skb->network_header - skb->mac_header); -+} -+#else -+#define nf_bridge_adjust_skb_data(s) do {} while (0) -+#define nf_bridge_adjust_segmented_data(s) do {} while (0) -+#endif -+ -+static void free_entry(struct nf_queue_entry *entry) -+{ -+ nf_queue_entry_release_refs(entry); -+ kfree(entry); -+} -+ -+static int __imq_nf_queue(struct nf_queue_entry *entry, struct net_device *dev); -+ -+static int __imq_nf_queue_gso(struct nf_queue_entry *entry, -+ struct net_device *dev, struct sk_buff *skb) -+{ -+ int ret = -ENOMEM; -+ struct nf_queue_entry *entry_seg; -+ -+ nf_bridge_adjust_segmented_data(skb); -+ -+ if (skb->next == NULL) { /* last packet, no need to copy entry */ -+ struct sk_buff *gso_skb = entry->skb; -+ entry->skb = skb; -+ ret = __imq_nf_queue(entry, dev); -+ if (ret) -+ entry->skb = gso_skb; -+ return ret; -+ } -+ -+ skb->next = NULL; -+ -+ entry_seg = nf_queue_entry_dup(entry); -+ if (entry_seg) { -+ entry_seg->skb = skb; -+ ret = __imq_nf_queue(entry_seg, dev); -+ if (ret) -+ free_entry(entry_seg); -+ } -+ return ret; -+} -+ -+static int imq_nf_queue(struct nf_queue_entry *entry, unsigned queue_num) -+{ -+ struct sk_buff *skb, *segs; -+ struct net_device *dev; -+ unsigned int queued; -+ int index, retval, err; -+ -+ index = entry->skb->imq_flags & IMQ_F_IFMASK; -+ if (unlikely(index > numdevs - 1)) { -+ if (net_ratelimit()) -+ pr_warn("IMQ: invalid device specified, highest is %u\n", -+ numdevs - 1); -+ retval = -EINVAL; -+ goto out_no_dev; -+ } -+ -+ /* check for imq device by index from cache */ -+ dev = imq_devs_cache[index]; -+ if (unlikely(!dev)) { -+ dev = get_imq_device_by_index(index); -+ if (IS_ERR(dev)) { -+ retval = PTR_ERR(dev); -+ goto out_no_dev; -+ } -+ } -+ -+ if (unlikely(!(dev->flags & IFF_UP))) { -+ entry->skb->imq_flags = 0; -+ retval = -ECANCELED; -+ goto out_no_dev; -+ } -+ -+ /* Since 3.10.x, GSO handling moved here as result of upstream commit -+ * a5fedd43d5f6c94c71053a66e4c3d2e35f1731a2 (netfilter: move -+ * skb_gso_segment into nfnetlink_queue module). -+ * -+ * Following code replicates the gso handling from -+ * 'net/netfilter/nfnetlink_queue_core.c':nfqnl_enqueue_packet(). -+ */ -+ -+ skb = entry->skb; -+ -+ switch (entry->state.pf) { -+ case NFPROTO_IPV4: -+ skb->protocol = htons(ETH_P_IP); -+ break; -+ case NFPROTO_IPV6: -+ skb->protocol = htons(ETH_P_IPV6); -+ break; -+ } -+ -+ if (!skb_is_gso(entry->skb)) -+ return __imq_nf_queue(entry, dev); -+ -+ nf_bridge_adjust_skb_data(skb); -+ segs = skb_gso_segment(skb, 0); -+ /* Does not use PTR_ERR to limit the number of error codes that can be -+ * returned by nf_queue. For instance, callers rely on -ECANCELED to -+ * mean 'ignore this hook'. -+ */ -+ err = -ENOBUFS; -+ if (IS_ERR(segs)) -+ goto out_err; -+ queued = 0; -+ err = 0; -+ do { -+ struct sk_buff *nskb = segs->next; -+ if (nskb && nskb->next) -+ nskb->cb_next = NULL; -+ if (err == 0) -+ err = __imq_nf_queue_gso(entry, dev, segs); -+ if (err == 0) -+ queued++; -+ else -+ kfree_skb(segs); -+ segs = nskb; -+ } while (segs); -+ -+ if (queued) { -+ if (err) /* some segments are already queued */ -+ free_entry(entry); -+ kfree_skb(skb); -+ return 0; -+ } -+ -+out_err: -+ nf_bridge_adjust_segmented_data(skb); -+ retval = err; -+out_no_dev: -+ return retval; -+} -+ -+static int __imq_nf_queue(struct nf_queue_entry *entry, struct net_device *dev) -+{ -+ struct sk_buff *skb_orig, *skb, *skb_shared, *skb_popd; -+ struct Qdisc *q; -+ struct sk_buff *to_free = NULL; -+ struct netdev_queue *txq; -+ spinlock_t *root_lock; -+ int users; -+ int retval = -EINVAL; -+ unsigned int orig_queue_index; -+ -+ dev->last_rx = jiffies; -+ -+ skb = entry->skb; -+ skb_orig = NULL; -+ -+ /* skb has owner? => make clone */ -+ if (unlikely(skb->destructor)) { -+ skb_orig = skb; -+ skb = skb_clone(skb, GFP_ATOMIC); -+ if (unlikely(!skb)) { -+ retval = -ENOMEM; -+ goto out; -+ } -+ skb->cb_next = NULL; -+ entry->skb = skb; -+ } -+ -+ dev->stats.rx_bytes += skb->len; -+ dev->stats.rx_packets++; -+ -+ if (!skb->dev) { -+ /* skb->dev == NULL causes problems, try the find cause. */ -+ if (net_ratelimit()) { -+ dev_warn(&dev->dev, -+ "received packet with skb->dev == NULL\n"); -+ dump_stack(); -+ } -+ -+ skb->dev = dev; -+ } -+ -+ /* Disables softirqs for lock below */ -+ rcu_read_lock_bh(); -+ -+ /* Multi-queue selection */ -+ orig_queue_index = skb_get_queue_mapping(skb); -+ txq = imq_select_queue(dev, skb); -+ -+ q = rcu_dereference(txq->qdisc); -+ if (unlikely(!q->enqueue)) -+ goto packet_not_eaten_by_imq_dev; -+ -+ skb->nf_queue_entry = entry; -+ root_lock = qdisc_lock(q); -+ spin_lock(root_lock); -+ -+ users = refcount_read(&skb->users); -+ -+ skb_shared = skb_get(skb); /* increase reference count by one */ -+ -+ /* backup skb->cb, as qdisc layer will overwrite it */ -+ skb_save_cb(skb_shared); -+ qdisc_enqueue_root(skb_shared, q, &to_free); /* might kfree_skb */ -+ if (likely(refcount_read(&skb_shared->users) == users + 1)) { -+ bool validate; -+ -+ kfree_skb(skb_shared); /* decrease reference count by one */ -+ -+ skb->destructor = &imq_skb_destructor; -+ -+ skb_popd = qdisc_dequeue_skb(q, &validate); -+ -+ /* cloned? */ -+ if (unlikely(skb_orig)) -+ kfree_skb(skb_orig); /* free original */ -+ -+ spin_unlock(root_lock); -+ -+#if 0 -+ /* schedule qdisc dequeue */ -+ __netif_schedule(q); -+#else -+ if (likely(skb_popd)) { -+ /* Note that we validate skb (GSO, checksum, ...) outside of locks */ -+ if (validate) -+ skb_popd = validate_xmit_skb_list(skb_popd, dev); -+ -+ if (skb_popd) { -+ int dummy_ret; -+ int cpu = smp_processor_id(); /* ok because BHs are off */ -+ -+ txq = skb_get_tx_queue(dev, skb_popd); -+ /* -+ IMQ device will not be frozen or stoped, and it always be successful. -+ So we need not check its status and return value to accelerate. -+ */ -+ if (imq_dev_accurate_stats && txq->xmit_lock_owner != cpu) { -+ HARD_TX_LOCK(dev, txq, cpu); -+ if (!netif_xmit_frozen_or_stopped(txq)) { -+ dev_hard_start_xmit(skb_popd, dev, txq, &dummy_ret); -+ } -+ HARD_TX_UNLOCK(dev, txq); -+ } else { -+ if (!netif_xmit_frozen_or_stopped(txq)) { -+ dev_hard_start_xmit(skb_popd, dev, txq, &dummy_ret); -+ } -+ } -+ } -+ } else { -+ /* No ready skb, then schedule it */ -+ __netif_schedule(q); -+ } -+#endif -+ rcu_read_unlock_bh(); -+ retval = 0; -+ goto out; -+ } else { -+ skb_restore_cb(skb_shared); /* restore skb->cb */ -+ skb->nf_queue_entry = NULL; -+ /* -+ * qdisc dropped packet and decreased skb reference count of -+ * skb, so we don't really want to and try refree as that would -+ * actually destroy the skb. -+ */ -+ spin_unlock(root_lock); -+ goto packet_not_eaten_by_imq_dev; -+ } -+ -+packet_not_eaten_by_imq_dev: -+ skb_set_queue_mapping(skb, orig_queue_index); -+ rcu_read_unlock_bh(); -+ -+ /* cloned? restore original */ -+ if (unlikely(skb_orig)) { -+ kfree_skb(skb); -+ entry->skb = skb_orig; -+ } -+ retval = -1; -+out: -+ if (unlikely(to_free)) { -+ kfree_skb_list(to_free); -+ } -+ return retval; -+} -+static unsigned int imq_nf_hook(void *priv, -+ struct sk_buff *skb, -+ const struct nf_hook_state *state) -+{ -+ return (skb->imq_flags & IMQ_F_ENQUEUE) ? NF_IMQ_QUEUE : NF_ACCEPT; -+} -+ -+static int imq_close(struct net_device *dev) -+{ -+ netif_stop_queue(dev); -+ return 0; -+} -+ -+static int imq_open(struct net_device *dev) -+{ -+ netif_start_queue(dev); -+ return 0; -+} -+ -+static struct device_type imq_device_type = { -+ .name = "imq", -+}; -+ -+static const struct net_device_ops imq_netdev_ops = { -+ .ndo_open = imq_open, -+ .ndo_stop = imq_close, -+ .ndo_start_xmit = imq_dev_xmit, -+ .ndo_get_stats = imq_get_stats, -+}; -+ -+static void imq_setup(struct net_device *dev) -+{ -+ dev->netdev_ops = &imq_netdev_ops; -+ dev->type = ARPHRD_VOID; -+ dev->mtu = 16000; /* too small? */ -+ dev->tx_queue_len = 11000; /* too big? */ -+ dev->flags = IFF_NOARP; -+ dev->features = NETIF_F_SG | NETIF_F_FRAGLIST | -+ NETIF_F_GSO | NETIF_F_HW_CSUM | -+ NETIF_F_HIGHDMA; -+ dev->priv_flags &= ~(IFF_XMIT_DST_RELEASE | -+ IFF_TX_SKB_SHARING); -+} -+ -+static int imq_validate(struct nlattr *tb[], struct nlattr *data[], -+ struct netlink_ext_ack *extack) -+{ -+ int ret = 0; -+ -+ if (tb[IFLA_ADDRESS]) { -+ if (nla_len(tb[IFLA_ADDRESS]) != ETH_ALEN) { -+ ret = -EINVAL; -+ goto end; -+ } -+ if (!is_valid_ether_addr(nla_data(tb[IFLA_ADDRESS]))) { -+ ret = -EADDRNOTAVAIL; -+ goto end; -+ } -+ } -+ return 0; -+end: -+ pr_warn("IMQ: imq_validate failed (%d)\n", ret); -+ return ret; -+} -+ -+static struct rtnl_link_ops imq_link_ops __read_mostly = { -+ .kind = "imq", -+ .priv_size = 0, -+ .setup = imq_setup, -+ .validate = imq_validate, -+}; -+ -+static const struct nf_queue_handler imq_nfqh = { -+ .outfn = imq_nf_queue, -+}; -+ -+static int __net_init imq_nf_register(struct net *net) -+{ -+ return nf_register_net_hooks(net, imq_ops, -+ ARRAY_SIZE(imq_ops)); -+}; -+ -+static void __net_exit imq_nf_unregister(struct net *net) -+{ -+ nf_unregister_net_hooks(net, imq_ops, -+ ARRAY_SIZE(imq_ops)); -+}; -+ -+static struct pernet_operations imq_net_ops = { -+ .init = imq_nf_register, -+ .exit = imq_nf_unregister, -+}; -+ -+static int __net_init imq_init_hooks(void) -+{ -+ int ret; -+ nf_register_queue_imq_handler(&imq_nfqh); -+ -+ ret = register_pernet_subsys(&imq_net_ops); -+ if (ret < 0) -+ nf_unregister_queue_imq_handler(); -+ -+ return ret; -+} -+ -+#ifdef CONFIG_LOCKDEP -+ static struct lock_class_key imq_netdev_addr_lock_key; -+ -+ static void __init imq_dev_set_lockdep_one(struct net_device *dev, -+ struct netdev_queue *txq, void *arg) -+ { -+ /* -+ * the IMQ transmit locks can be taken recursively, -+ * for example with one IMQ rule for input- and one for -+ * output network devices in iptables! -+ * until we find a better solution ignore them. -+ */ -+ lockdep_set_novalidate_class(&txq->_xmit_lock); -+ } -+ -+ static void imq_dev_set_lockdep_class(struct net_device *dev) -+ { -+ lockdep_set_class_and_name(&dev->addr_list_lock, -+ &imq_netdev_addr_lock_key, "_xmit_addr_IMQ"); -+ netdev_for_each_tx_queue(dev, imq_dev_set_lockdep_one, NULL); -+} -+#else -+ static inline void imq_dev_set_lockdep_class(struct net_device *dev) -+ { -+ } -+#endif -+ -+static int __init imq_init_one(int index) -+{ -+ struct net_device *dev; -+ int ret; -+ -+ dev = alloc_netdev_mq(0, "imq%d", NET_NAME_UNKNOWN, imq_setup, numqueues); -+ if (!dev) -+ return -ENOMEM; -+ -+ ret = dev_alloc_name(dev, dev->name); -+ if (ret < 0) -+ goto fail; -+ -+ dev->rtnl_link_ops = &imq_link_ops; -+ SET_NETDEV_DEVTYPE(dev, &imq_device_type); -+ ret = register_netdevice(dev); -+ if (ret < 0) -+ goto fail; -+ -+ imq_dev_set_lockdep_class(dev); -+ -+ return 0; -+fail: -+ free_netdev(dev); -+ return ret; -+} -+ -+static int __init imq_init_devs(void) -+{ -+ int err, i; -+ -+ if (numdevs < 1 || numdevs > IMQ_MAX_DEVS) { -+ pr_err("IMQ: numdevs has to be betweed 1 and %u\n", -+ IMQ_MAX_DEVS); -+ return -EINVAL; -+ } -+ -+ if (numqueues < 1 || numqueues > IMQ_MAX_QUEUES) { -+ pr_err("IMQ: numqueues has to be betweed 1 and %u\n", -+ IMQ_MAX_QUEUES); -+ return -EINVAL; -+ } -+ -+ get_random_bytes(&imq_hashrnd, sizeof(imq_hashrnd)); -+ -+ rtnl_lock(); -+ err = __rtnl_link_register(&imq_link_ops); -+ -+ for (i = 0; i < numdevs && !err; i++) -+ err = imq_init_one(i); -+ -+ if (err) { -+ __rtnl_link_unregister(&imq_link_ops); -+ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); -+ } -+ rtnl_unlock(); -+ -+ return err; -+} -+ -+static int __init imq_init_module(void) -+{ -+ int err; -+ -+#if defined(CONFIG_IMQ_NUM_DEVS) -+ BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS > 16); -+ BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS < 2); -+ BUILD_BUG_ON(CONFIG_IMQ_NUM_DEVS - 1 > IMQ_F_IFMASK); -+#endif -+ -+ err = imq_init_devs(); -+ if (err) { -+ pr_err("IMQ: Error trying imq_init_devs(net)\n"); -+ return err; -+ } -+ -+ err = imq_init_hooks(); -+ if (err) { -+ pr_err(KERN_ERR "IMQ: Error trying imq_init_hooks()\n"); -+ rtnl_link_unregister(&imq_link_ops); -+ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); -+ return err; -+ } -+ -+ pr_info("IMQ driver loaded successfully. (numdevs = %d, numqueues = %d, imq_dev_accurate_stats = %d)\n", -+ numdevs, numqueues, imq_dev_accurate_stats); -+ -+#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ pr_info("\tHooking IMQ before NAT on PREROUTING.\n"); -+#else -+ pr_info("\tHooking IMQ after NAT on PREROUTING.\n"); -+#endif -+#if defined(CONFIG_IMQ_BEHAVIOR_AB) || defined(CONFIG_IMQ_BEHAVIOR_BB) -+ pr_info("\tHooking IMQ before NAT on POSTROUTING.\n"); -+#else -+ pr_info("\tHooking IMQ after NAT on POSTROUTING.\n"); -+#endif -+ -+ return 0; -+} -+ -+static void __exit imq_unhook(void) -+{ -+ unregister_pernet_subsys(&imq_net_ops); -+ nf_unregister_queue_imq_handler(); -+} -+ -+static void __exit imq_cleanup_devs(void) -+{ -+ rtnl_link_unregister(&imq_link_ops); -+ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); -+} -+ -+static void __exit imq_exit_module(void) -+{ -+ imq_unhook(); -+ imq_cleanup_devs(); -+ pr_info("IMQ driver unloaded successfully.\n"); -+} -+ -+module_init(imq_init_module); -+module_exit(imq_exit_module); -+ -+module_param(numdevs, int, 0); -+module_param(numqueues, int, 0); -+module_param(imq_dev_accurate_stats, int, 0); -+MODULE_PARM_DESC(numdevs, "number of IMQ devices (how many imq* devices will be created)"); -+MODULE_PARM_DESC(numqueues, "number of queues per IMQ device"); -+MODULE_PARM_DESC(imq_dev_accurate_stats, "Notify if need the accurate imq device stats"); -+ -+MODULE_AUTHOR("https://github.com/imq/linuximq"); -+MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See https://github.com/imq/linuximq/wiki for more information."); -+MODULE_LICENSE("GPL"); -+MODULE_ALIAS_RTNL_LINK("imq"); -diff -Naupr linux-4.14_orig/drivers/net/Kconfig linux-4.14/drivers/net/Kconfig ---- linux-4.14_orig/drivers/net/Kconfig 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/drivers/net/Kconfig 2017-11-13 11:46:45.844089945 +0700 -@@ -277,6 +277,125 @@ config RIONET_RX_SIZE - depends on RIONET - default "128" - -+config IMQ -+ tristate "IMQ (intermediate queueing device) support" -+ depends on NETDEVICES && NETFILTER -+ ---help--- -+ The IMQ device(s) is used as placeholder for QoS queueing -+ disciplines. Every packet entering/leaving the IP stack can be -+ directed through the IMQ device where it's enqueued/dequeued to the -+ attached qdisc. This allows you to treat network devices as classes -+ and distribute bandwidth among them. Iptables is used to specify -+ through which IMQ device, if any, packets travel. -+ -+ More information at: https://github.com/imq/linuximq -+ -+ To compile this driver as a module, choose M here: the module -+ will be called imq. If unsure, say N. -+ -+choice -+ prompt "IMQ behavior (PRE/POSTROUTING)" -+ depends on IMQ -+ default IMQ_BEHAVIOR_AB -+ help -+ This setting defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ IMQ can work in any of the following ways: -+ -+ PREROUTING | POSTROUTING -+ -----------------|------------------- -+ #1 After NAT | After NAT -+ #2 After NAT | Before NAT -+ #3 Before NAT | After NAT -+ #4 Before NAT | Before NAT -+ -+ The default behavior is to hook before NAT on PREROUTING -+ and after NAT on POSTROUTING (#3). -+ -+ This settings are specially usefull when trying to use IMQ -+ to shape NATed clients. -+ -+ More information can be found at: https://github.com/imq/linuximq -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_AA -+ bool "IMQ AA" -+ help -+ This setting defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: After NAT -+ POSTROUTING: After NAT -+ -+ More information can be found at: https://github.com/imq/linuximq -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_AB -+ bool "IMQ AB" -+ help -+ This setting defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: After NAT -+ POSTROUTING: Before NAT -+ -+ More information can be found at: https://github.com/imq/linuximq -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_BA -+ bool "IMQ BA" -+ help -+ This setting defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: Before NAT -+ POSTROUTING: After NAT -+ -+ More information can be found at: https://github.com/imq/linuximq -+ -+ If not sure leave the default settings alone. -+ -+config IMQ_BEHAVIOR_BB -+ bool "IMQ BB" -+ help -+ This setting defines how IMQ behaves in respect to its -+ hooking in PREROUTING and POSTROUTING. -+ -+ Choosing this option will make IMQ hook like this: -+ -+ PREROUTING: Before NAT -+ POSTROUTING: Before NAT -+ -+ More information can be found at: https://github.com/imq/linuximq -+ -+ If not sure leave the default settings alone. -+ -+endchoice -+ -+config IMQ_NUM_DEVS -+ int "Number of IMQ devices" -+ range 2 16 -+ depends on IMQ -+ default "16" -+ help -+ This setting defines how many IMQ devices will be created. -+ -+ The default value is 16. -+ -+ More information can be found at: https://github.com/imq/linuximq -+ -+ If not sure leave the default settings alone. -+ - config TUN - tristate "Universal TUN/TAP device driver support" - depends on INET -diff -Naupr linux-4.14_orig/drivers/net/Makefile linux-4.14/drivers/net/Makefile ---- linux-4.14_orig/drivers/net/Makefile 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/drivers/net/Makefile 2017-11-13 11:46:45.844089945 +0700 -@@ -13,6 +13,7 @@ obj-$(CONFIG_DUMMY) += dummy.o - obj-$(CONFIG_EQUALIZER) += eql.o - obj-$(CONFIG_IFB) += ifb.o - obj-$(CONFIG_MACSEC) += macsec.o -+obj-$(CONFIG_IMQ) += imq.o - obj-$(CONFIG_MACVLAN) += macvlan.o - obj-$(CONFIG_MACVTAP) += macvtap.o - obj-$(CONFIG_MII) += mii.o -diff -Naupr linux-4.14_orig/include/linux/imq.h linux-4.14/include/linux/imq.h ---- linux-4.14_orig/include/linux/imq.h 1970-01-01 07:00:00.000000000 +0700 -+++ linux-4.14/include/linux/imq.h 2017-11-13 11:46:45.844089945 +0700 -@@ -0,0 +1,13 @@ -+#ifndef _IMQ_H -+#define _IMQ_H -+ -+/* IFMASK (16 device indexes, 0 to 15) and flag(s) fit in 5 bits */ -+#define IMQ_F_BITS 5 -+ -+#define IMQ_F_IFMASK 0x0f -+#define IMQ_F_ENQUEUE 0x10 -+ -+#define IMQ_MAX_DEVS (IMQ_F_IFMASK + 1) -+ -+#endif /* _IMQ_H */ -+ -diff -Naupr linux-4.14_orig/include/linux/netdevice.h linux-4.14/include/linux/netdevice.h ---- linux-4.14_orig/include/linux/netdevice.h 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/include/linux/netdevice.h 2017-11-13 11:46:45.844089945 +0700 -@@ -1771,6 +1771,11 @@ struct net_device { - /* - * Cache lines mostly used on receive path (including eth_type_trans()) - */ -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ unsigned long last_rx; -+#endif -+ - /* Interface address info used in eth_type_trans() */ - unsigned char *dev_addr; - -@@ -3631,6 +3636,19 @@ static inline void netif_tx_unlock_bh(st - } \ - } - -+#define HARD_TX_LOCK_BH(dev, txq) { \ -+ if ((dev->features & NETIF_F_LLTX) == 0) { \ -+ __netif_tx_lock_bh(txq); \ -+ } \ -+} -+ -+#define HARD_TX_UNLOCK_BH(dev, txq) { \ -+ if ((dev->features & NETIF_F_LLTX) == 0) { \ -+ __netif_tx_unlock_bh(txq); \ -+ } \ -+} -+ -+ - static inline void netif_tx_disable(struct net_device *dev) - { - unsigned int i; -diff -Naupr linux-4.14_orig/include/linux/netfilter/xt_IMQ.h linux-4.14/include/linux/netfilter/xt_IMQ.h ---- linux-4.14_orig/include/linux/netfilter/xt_IMQ.h 1970-01-01 07:00:00.000000000 +0700 -+++ linux-4.14/include/linux/netfilter/xt_IMQ.h 2017-11-13 11:46:45.847423298 +0700 -@@ -0,0 +1,9 @@ -+#ifndef _XT_IMQ_H -+#define _XT_IMQ_H -+ -+struct xt_imq_info { -+ unsigned int todev; /* target imq device */ -+}; -+ -+#endif /* _XT_IMQ_H */ -+ -diff -Naupr linux-4.14_orig/include/linux/netfilter_ipv4/ipt_IMQ.h linux-4.14/include/linux/netfilter_ipv4/ipt_IMQ.h ---- linux-4.14_orig/include/linux/netfilter_ipv4/ipt_IMQ.h 1970-01-01 07:00:00.000000000 +0700 -+++ linux-4.14/include/linux/netfilter_ipv4/ipt_IMQ.h 2017-11-13 11:46:45.847423298 +0700 -@@ -0,0 +1,10 @@ -+#ifndef _IPT_IMQ_H -+#define _IPT_IMQ_H -+ -+/* Backwards compatibility for old userspace */ -+#include <linux/netfilter/xt_IMQ.h> -+ -+#define ipt_imq_info xt_imq_info -+ -+#endif /* _IPT_IMQ_H */ -+ -diff -Naupr linux-4.14_orig/include/linux/netfilter_ipv6/ip6t_IMQ.h linux-4.14/include/linux/netfilter_ipv6/ip6t_IMQ.h ---- linux-4.14_orig/include/linux/netfilter_ipv6/ip6t_IMQ.h 1970-01-01 07:00:00.000000000 +0700 -+++ linux-4.14/include/linux/netfilter_ipv6/ip6t_IMQ.h 2017-11-13 11:46:45.847423298 +0700 -@@ -0,0 +1,10 @@ -+#ifndef _IP6T_IMQ_H -+#define _IP6T_IMQ_H -+ -+/* Backwards compatibility for old userspace */ -+#include <linux/netfilter/xt_IMQ.h> -+ -+#define ip6t_imq_info xt_imq_info -+ -+#endif /* _IP6T_IMQ_H */ -+ -diff -Naupr linux-4.14_orig/include/linux/skbuff.h linux-4.14/include/linux/skbuff.h ---- linux-4.14_orig/include/linux/skbuff.h 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/include/linux/skbuff.h 2017-11-13 11:46:45.847423298 +0700 -@@ -41,6 +41,10 @@ - #include <linux/in6.h> - #include <linux/if_packet.h> - #include <net/flow.h> -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+#include <linux/imq.h> -+#endif -+ - - /* The interface for checksum offload between the stack and networking drivers - * is as follows... -@@ -581,7 +585,7 @@ typedef unsigned int sk_buff_data_t; - typedef unsigned char *sk_buff_data_t; - #endif - --/** -+/** - * struct sk_buff - socket buffer - * @next: Next buffer in list - * @prev: Previous buffer in list -@@ -684,6 +688,9 @@ struct sk_buff { - * first. This is owned by whoever has the skb queued ATM. - */ - char cb[48] __aligned(8); -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ void *cb_next; -+#endif - - unsigned long _skb_refdst; - void (*destructor)(struct sk_buff *skb); -@@ -693,6 +700,9 @@ struct sk_buff { - #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) - unsigned long _nfct; - #endif -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ struct nf_queue_entry *nf_queue_entry; -+#endif - #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) - struct nf_bridge_info *nf_bridge; - #endif -@@ -772,6 +782,9 @@ struct sk_buff { - #ifdef CONFIG_NET_SWITCHDEV - __u8 offload_fwd_mark:1; - #endif -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ __u8 imq_flags:IMQ_F_BITS; -+#endif - #ifdef CONFIG_NET_CLS_ACT - __u8 tc_skip_classify:1; - __u8 tc_at_ingress:1; -@@ -870,7 +883,7 @@ static inline bool skb_pfmemalloc(const - */ - static inline struct dst_entry *skb_dst(const struct sk_buff *skb) - { -- /* If refdst was not refcounted, check we still are in a -+ /* If refdst was not refcounted, check we still are in a - * rcu_read_lock section - */ - WARN_ON((skb->_skb_refdst & SKB_DST_NOREF) && -@@ -960,6 +973,12 @@ void skb_tx_error(struct sk_buff *skb); - void consume_skb(struct sk_buff *skb); - void __consume_stateless_skb(struct sk_buff *skb); - void __kfree_skb(struct sk_buff *skb); -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+int skb_save_cb(struct sk_buff *skb); -+int skb_restore_cb(struct sk_buff *skb); -+#endif -+ - extern struct kmem_cache *skbuff_head_cache; - - void kfree_skb_partial(struct sk_buff *skb, bool head_stolen); -@@ -3785,8 +3804,12 @@ static inline void __nf_copy(struct sk_b - dst->_nfct = src->_nfct; - nf_conntrack_get(skb_nfct(src)); - #endif -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ dst->imq_flags = src->imq_flags; -+ dst->nf_queue_entry = src->nf_queue_entry; -+#endif - #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) -- dst->nf_bridge = src->nf_bridge; -+ dst->nf_bridge = src->nf_bridge; - nf_bridge_get(src->nf_bridge); - #endif - #if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE) || defined(CONFIG_NF_TABLES) -diff -Naupr linux-4.14_orig/include/net/netfilter/nf_queue.h linux-4.14/include/net/netfilter/nf_queue.h ---- linux-4.14_orig/include/net/netfilter/nf_queue.h 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/include/net/netfilter/nf_queue.h 2017-11-13 11:46:45.847423298 +0700 -@@ -31,6 +31,12 @@ struct nf_queue_handler { - void nf_register_queue_handler(struct net *net, const struct nf_queue_handler *qh); - void nf_unregister_queue_handler(struct net *net); - void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict); -+void nf_queue_entry_release_refs(struct nf_queue_entry *entry); -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+void nf_register_queue_imq_handler(const struct nf_queue_handler *qh); -+void nf_unregister_queue_imq_handler(void); -+#endif - - void nf_queue_entry_get_refs(struct nf_queue_entry *entry); - void nf_queue_entry_release_refs(struct nf_queue_entry *entry); -diff -Naupr linux-4.14_orig/include/net/pkt_sched.h linux-4.14/include/net/pkt_sched.h ---- linux-4.14_orig/include/net/pkt_sched.h 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/include/net/pkt_sched.h 2017-11-13 11:46:45.850756651 +0700 -@@ -109,6 +109,8 @@ int sch_direct_xmit(struct sk_buff *skb, - - void __qdisc_run(struct Qdisc *q); - -+struct sk_buff *qdisc_dequeue_skb(struct Qdisc *q, bool *validate); -+ - static inline void qdisc_run(struct Qdisc *q) - { - if (qdisc_run_begin(q)) -diff -Naupr linux-4.14_orig/include/net/sch_generic.h linux-4.14/include/net/sch_generic.h ---- linux-4.14_orig/include/net/sch_generic.h 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/include/net/sch_generic.h 2017-11-13 11:46:45.850756651 +0700 -@@ -567,6 +567,13 @@ static inline int qdisc_enqueue(struct s - return sch->enqueue(skb, sch, to_free); - } - -+static inline int qdisc_enqueue_root(struct sk_buff *skb, struct Qdisc *sch, -+ struct sk_buff **to_free) -+{ -+ qdisc_skb_cb(skb)->pkt_len = skb->len; -+ return qdisc_enqueue(skb, sch, to_free) & NET_XMIT_MASK; -+} -+ - static inline bool qdisc_is_percpu_stats(const struct Qdisc *q) - { - return q->flags & TCQ_F_CPUSTATS; -diff -Naupr linux-4.14_orig/include/uapi/linux/netfilter.h linux-4.14/include/uapi/linux/netfilter.h ---- linux-4.14_orig/include/uapi/linux/netfilter.h 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/include/uapi/linux/netfilter.h 2017-11-13 11:46:45.850756651 +0700 -@@ -14,7 +14,8 @@ - #define NF_QUEUE 3 - #define NF_REPEAT 4 - #define NF_STOP 5 /* Deprecated, for userspace nf_queue compatibility. */ --#define NF_MAX_VERDICT NF_STOP -+#define NF_IMQ_QUEUE 6 -+#define NF_MAX_VERDICT NF_IMQ_QUEUE - - /* we overload the higher bits for encoding auxiliary data such as the queue - * number or errno values. Not nice, but better than additional function -diff -Naupr linux-4.14_orig/net/core/dev.c linux-4.14/net/core/dev.c ---- linux-4.14_orig/net/core/dev.c 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/net/core/dev.c 2017-11-13 11:46:45.854090004 +0700 -@@ -143,6 +143,9 @@ - #include <linux/hrtimer.h> - #include <linux/netfilter_ingress.h> - #include <linux/crash_dump.h> -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+#include <linux/imq.h> -+#endif - #include <linux/sctp.h> - #include <net/udp_tunnel.h> - -@@ -2971,7 +2974,12 @@ static int xmit_one(struct sk_buff *skb, - unsigned int len; - int rc; - -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ if ((!list_empty(&ptype_all) || !list_empty(&dev->ptype_all)) && -+ !(skb->imq_flags & IMQ_F_ENQUEUE)) -+#else - if (!list_empty(&ptype_all) || !list_empty(&dev->ptype_all)) -+#endif - dev_queue_xmit_nit(skb, dev); - - len = skb->len; -@@ -3010,6 +3018,8 @@ out: - return skb; - } - -+EXPORT_SYMBOL_GPL(dev_hard_start_xmit); -+ - static struct sk_buff *validate_xmit_vlan(struct sk_buff *skb, - netdev_features_t features) - { -diff -Naupr linux-4.14_orig/net/core/skbuff.c linux-4.14/net/core/skbuff.c ---- linux-4.14_orig/net/core/skbuff.c 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/net/core/skbuff.c 2017-11-13 11:46:45.854090004 +0700 -@@ -82,6 +82,87 @@ struct kmem_cache *skbuff_head_cache __r - static struct kmem_cache *skbuff_fclone_cache __read_mostly; - int sysctl_max_skb_frags __read_mostly = MAX_SKB_FRAGS; - EXPORT_SYMBOL(sysctl_max_skb_frags); -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+static struct kmem_cache *skbuff_cb_store_cache __read_mostly; -+#endif -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+/* Control buffer save/restore for IMQ devices */ -+struct skb_cb_table { -+ char cb[48] __aligned(8); -+ void *cb_next; -+ atomic_t refcnt; -+}; -+ -+static DEFINE_SPINLOCK(skb_cb_store_lock); -+ -+int skb_save_cb(struct sk_buff *skb) -+{ -+ struct skb_cb_table *next; -+ -+ next = kmem_cache_alloc(skbuff_cb_store_cache, GFP_ATOMIC); -+ if (!next) -+ return -ENOMEM; -+ -+ BUILD_BUG_ON(sizeof(skb->cb) != sizeof(next->cb)); -+ -+ memcpy(next->cb, skb->cb, sizeof(skb->cb)); -+ next->cb_next = skb->cb_next; -+ -+ atomic_set(&next->refcnt, 1); -+ -+ skb->cb_next = next; -+ return 0; -+} -+EXPORT_SYMBOL(skb_save_cb); -+ -+int skb_restore_cb(struct sk_buff *skb) -+{ -+ struct skb_cb_table *next; -+ -+ if (!skb->cb_next) -+ return 0; -+ -+ next = skb->cb_next; -+ -+ BUILD_BUG_ON(sizeof(skb->cb) != sizeof(next->cb)); -+ -+ memcpy(skb->cb, next->cb, sizeof(skb->cb)); -+ skb->cb_next = next->cb_next; -+ -+ spin_lock(&skb_cb_store_lock); -+ -+ if (atomic_dec_and_test(&next->refcnt)) -+ kmem_cache_free(skbuff_cb_store_cache, next); -+ -+ spin_unlock(&skb_cb_store_lock); -+ -+ return 0; -+} -+EXPORT_SYMBOL(skb_restore_cb); -+ -+static void skb_copy_stored_cb(struct sk_buff * , const struct sk_buff * ) __attribute__ ((unused)); -+static void skb_copy_stored_cb(struct sk_buff *new, const struct sk_buff *__old) -+{ -+ struct skb_cb_table *next; -+ struct sk_buff *old; -+ -+ if (!__old->cb_next) { -+ new->cb_next = NULL; -+ return; -+ } -+ -+ spin_lock(&skb_cb_store_lock); -+ -+ old = (struct sk_buff *)__old; -+ -+ next = old->cb_next; -+ atomic_inc(&next->refcnt); -+ new->cb_next = next; -+ -+ spin_unlock(&skb_cb_store_lock); -+} -+#endif - - /** - * skb_panic - private function for out-of-line support -@@ -615,6 +696,28 @@ void skb_release_head_state(struct sk_bu - WARN_ON(in_irq()); - skb->destructor(skb); - } -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ /* -+ * This should not happen. When it does, avoid memleak by restoring -+ * the chain of cb-backups. -+ */ -+ while (skb->cb_next != NULL) { -+ if (net_ratelimit()) -+ pr_warn("IMQ: kfree_skb: skb->cb_next: %08x\n", -+ (unsigned int)(uintptr_t)skb->cb_next); -+ -+ skb_restore_cb(skb); -+ } -+ /* -+ * This should not happen either, nf_queue_entry is nullified in -+ * imq_dev_xmit(). If we have non-NULL nf_queue_entry then we are -+ * leaking entry pointers, maybe memory. We don't know if this is -+ * pointer to already freed memory, or should this be freed. -+ * If this happens we need to add refcounting, etc for nf_queue_entry. -+ */ -+ if (skb->nf_queue_entry && net_ratelimit()) -+ pr_warn("%s\n", "IMQ: kfree_skb: skb->nf_queue_entry != NULL"); -+#endif - #if IS_ENABLED(CONFIG_NF_CONNTRACK) - nf_conntrack_put(skb_nfct(skb)); - #endif -@@ -804,6 +907,10 @@ static void __copy_skb_header(struct sk_ - new->sp = secpath_get(old->sp); - #endif - __nf_copy(new, old, false); -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ new->cb_next = NULL; -+ /*skb_copy_stored_cb(new, old);*/ -+#endif - - /* Note : this field could be in headers_start/headers_end section - * It is not yet because we do not want to have a 16 bit hole -@@ -3902,6 +4009,13 @@ void __init skb_init(void) - 0, - SLAB_HWCACHE_ALIGN|SLAB_PANIC, - NULL); -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ skbuff_cb_store_cache = kmem_cache_create("skbuff_cb_store_cache", -+ sizeof(struct skb_cb_table), -+ 0, -+ SLAB_HWCACHE_ALIGN|SLAB_PANIC, -+ NULL); -+#endif - } - - static int -diff -Naupr linux-4.14_orig/net/netfilter/core.c linux-4.14/net/netfilter/core.c ---- linux-4.14_orig/net/netfilter/core.c 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/net/netfilter/core.c 2017-11-13 14:16:05.896850774 +0700 -@@ -474,6 +474,11 @@ int nf_hook_slow(struct sk_buff *skb, st - if (ret == 0) - ret = -EPERM; - return ret; -+ case NF_IMQ_QUEUE: -+ ret = nf_queue(skb, state, e, s, verdict); -+ if (ret == -ECANCELED) -+ continue; -+ return ret; - case NF_QUEUE: - ret = nf_queue(skb, state, e, s, verdict); - if (ret == 1) -diff -Naupr linux-4.14_orig/net/netfilter/Kconfig linux-4.14/net/netfilter/Kconfig ---- linux-4.14_orig/net/netfilter/Kconfig 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/net/netfilter/Kconfig 2017-11-13 11:46:45.857423358 +0700 -@@ -867,6 +867,18 @@ config NETFILTER_XT_TARGET_LOG - - To compile it as a module, choose M here. If unsure, say N. - -+config NETFILTER_XT_TARGET_IMQ -+ tristate '"IMQ" target support' -+ depends on NETFILTER_XTABLES -+ depends on IP_NF_MANGLE || IP6_NF_MANGLE -+ select IMQ -+ default m if NETFILTER_ADVANCED=n -+ help -+ This option adds a `IMQ' target which is used to specify if and -+ to which imq device packets should get enqueued/dequeued. -+ -+ To compile it as a module, choose M here. If unsure, say N. -+ - config NETFILTER_XT_TARGET_MARK - tristate '"MARK" target support' - depends on NETFILTER_ADVANCED -diff -Naupr linux-4.14_orig/net/netfilter/Makefile linux-4.14/net/netfilter/Makefile ---- linux-4.14_orig/net/netfilter/Makefile 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/net/netfilter/Makefile 2017-11-13 11:46:45.857423358 +0700 -@@ -125,6 +125,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_CT) += - obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o - obj-$(CONFIG_NETFILTER_XT_TARGET_HL) += xt_HL.o - obj-$(CONFIG_NETFILTER_XT_TARGET_HMARK) += xt_HMARK.o -+obj-$(CONFIG_NETFILTER_XT_TARGET_IMQ) += xt_IMQ.o - obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o - obj-$(CONFIG_NETFILTER_XT_TARGET_LOG) += xt_LOG.o - obj-$(CONFIG_NETFILTER_XT_TARGET_NETMAP) += xt_NETMAP.o -diff -Naupr linux-4.14_orig/net/netfilter/nf_queue.c linux-4.14/net/netfilter/nf_queue.c ---- linux-4.14_orig/net/netfilter/nf_queue.c 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/net/netfilter/nf_queue.c 2017-11-13 14:25:21.436864671 +0700 -@@ -1,4 +1,4 @@ --/* -+ /* - * Rusty Russell (C)2000 -- This code is GPL. - * Patrick McHardy (c) 2006-2012 - */ -@@ -27,6 +27,23 @@ - * receives, no matter what. - */ - -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+static const struct nf_queue_handler __rcu *queue_imq_handler __read_mostly; -+ -+void nf_register_queue_imq_handler(const struct nf_queue_handler *qh) -+{ -+ rcu_assign_pointer(queue_imq_handler, qh); -+} -+EXPORT_SYMBOL_GPL(nf_register_queue_imq_handler); -+ -+void nf_unregister_queue_imq_handler(void) -+{ -+ RCU_INIT_POINTER(queue_imq_handler, NULL); -+ synchronize_rcu(); -+} -+EXPORT_SYMBOL_GPL(nf_unregister_queue_imq_handler); -+#endif -+ - /* return EBUSY when somebody else is registered, return EEXIST if the - * same handler is registered, return 0 in case of success. */ - void nf_register_queue_handler(struct net *net, const struct nf_queue_handler *qh) -@@ -113,16 +130,29 @@ EXPORT_SYMBOL_GPL(nf_queue_nf_hook_drop) - - static int __nf_queue(struct sk_buff *skb, const struct nf_hook_state *state, - const struct nf_hook_entries *entries, -- unsigned int index, unsigned int queuenum) -+ unsigned int index, unsigned int verdict) - { - int status = -ENOENT; - struct nf_queue_entry *entry = NULL; - const struct nf_afinfo *afinfo; - const struct nf_queue_handler *qh; - struct net *net = state->net; -+ unsigned int queuetype = verdict & NF_VERDICT_MASK; -+ unsigned int queuenum = verdict >> NF_VERDICT_QBITS; - - /* QUEUE == DROP if no one is waiting, to be safe. */ -- qh = rcu_dereference(net->nf.queue_handler); -+ -+ if (queuetype == NF_IMQ_QUEUE) { -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ qh = rcu_dereference(queue_imq_handler); -+#else -+ BUG(); -+ goto err_unlock; -+#endif -+ } else { -+ qh = rcu_dereference(net->nf.queue_handler); -+ } -+ - if (!qh) { - status = -ESRCH; - goto err; -@@ -169,8 +199,16 @@ int nf_queue(struct sk_buff *skb, struct - { - int ret; - -- ret = __nf_queue(skb, state, entries, index, verdict >> NF_VERDICT_QBITS); -+ ret = __nf_queue(skb, state, entries, index, verdict); - if (ret < 0) { -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ /* IMQ Bypass */ -+ if (ret == -ECANCELED && skb->imq_flags == 0) { -+ return 1; -+ } -+#endif -+ - if (ret == -ESRCH && - (verdict & NF_VERDICT_FLAG_QUEUE_BYPASS)) - return 1; -@@ -256,6 +294,7 @@ next_hook: - local_bh_enable(); - break; - case NF_QUEUE: -+ case NF_IMQ_QUEUE: - err = nf_queue(skb, &entry->state, hooks, i, verdict); - if (err == 1) - goto next_hook; -diff -Naupr linux-4.14_orig/net/netfilter/xt_IMQ.c linux-4.14/net/netfilter/xt_IMQ.c ---- linux-4.14_orig/net/netfilter/xt_IMQ.c 1970-01-01 07:00:00.000000000 +0700 -+++ linux-4.14/net/netfilter/xt_IMQ.c 2017-11-13 11:46:45.857423358 +0700 -@@ -0,0 +1,72 @@ -+/* -+ * This target marks packets to be enqueued to an imq device -+ */ -+#include <linux/module.h> -+#include <linux/skbuff.h> -+#include <linux/netfilter/x_tables.h> -+#include <linux/netfilter/xt_IMQ.h> -+#include <linux/imq.h> -+ -+static unsigned int imq_target(struct sk_buff *pskb, -+ const struct xt_action_param *par) -+{ -+ const struct xt_imq_info *mr = par->targinfo; -+ -+ pskb->imq_flags = (mr->todev & IMQ_F_IFMASK) | IMQ_F_ENQUEUE; -+ -+ return XT_CONTINUE; -+} -+ -+static int imq_checkentry(const struct xt_tgchk_param *par) -+{ -+ struct xt_imq_info *mr = par->targinfo; -+ -+ if (mr->todev > IMQ_MAX_DEVS - 1) { -+ pr_warn("IMQ: invalid device specified, highest is %u\n", -+ IMQ_MAX_DEVS - 1); -+ return -EINVAL; -+ } -+ -+ return 0; -+} -+ -+static struct xt_target xt_imq_reg[] __read_mostly = { -+ { -+ .name = "IMQ", -+ .family = AF_INET, -+ .checkentry = imq_checkentry, -+ .target = imq_target, -+ .targetsize = sizeof(struct xt_imq_info), -+ .table = "mangle", -+ .me = THIS_MODULE -+ }, -+ { -+ .name = "IMQ", -+ .family = AF_INET6, -+ .checkentry = imq_checkentry, -+ .target = imq_target, -+ .targetsize = sizeof(struct xt_imq_info), -+ .table = "mangle", -+ .me = THIS_MODULE -+ }, -+}; -+ -+static int __init imq_init(void) -+{ -+ return xt_register_targets(xt_imq_reg, ARRAY_SIZE(xt_imq_reg)); -+} -+ -+static void __exit imq_fini(void) -+{ -+ xt_unregister_targets(xt_imq_reg, ARRAY_SIZE(xt_imq_reg)); -+} -+ -+module_init(imq_init); -+module_exit(imq_fini); -+ -+MODULE_AUTHOR("https://github.com/imq/linuximq"); -+MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See https://github.com/imq/linuximq/wiki for more information."); -+MODULE_LICENSE("GPL"); -+MODULE_ALIAS("ipt_IMQ"); -+MODULE_ALIAS("ip6t_IMQ"); -+ -diff -Naupr linux-4.14_orig/net/sched/sch_generic.c linux-4.14/net/sched/sch_generic.c ---- linux-4.14_orig/net/sched/sch_generic.c 2017-11-13 01:46:13.000000000 +0700 -+++ linux-4.14/net/sched/sch_generic.c 2017-11-13 11:46:45.857423358 +0700 -@@ -158,6 +158,14 @@ trace: - return skb; - } - -+struct sk_buff *qdisc_dequeue_skb(struct Qdisc *q, bool *validate) -+{ -+ int packets; -+ -+ return dequeue_skb(q, validate, &packets); -+} -+EXPORT_SYMBOL(qdisc_dequeue_skb); -+ - /* - * Transmit possibly several skbs, and handle the return status as - * required. Owning running seqcount bit guarantees that

-- 2.20.1

Michael Tremer

4:46 p.m.

New subject: [PATCH 10/17] QoS: Suppress an error message when cleaning up from previous runs

Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- config/qos/makeqosscripts.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index 386a6bffe..f2c969371 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -405,7 +405,7 @@ print <<END ### $qossettings{'IMQ_DEV'} ###

- tc qdisc del dev $qossettings{'RED_DEV'} ingress + tc qdisc del dev $qossettings{'RED_DEV'} ingress >/dev/null 2>&1 tc qdisc add dev $qossettings{'RED_DEV'} handle ffff: ingress

### BRING UP $qossettings{'IMQ_DEV'}

-- 2.20.1

Michael Tremer

4:46 p.m.

New subject: [PATCH 11/17] QoS: Move packet classification to FORWARD chain for ingress

Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- config/qos/makeqosscripts.pl | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index f2c969371..1d6930baa 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -251,9 +251,6 @@ foreach $subclassentry (sort @subclasses) { } print <<END

- ### add l7-filter to PREROUTING chain to see all traffic - iptables -t mangle -A PREROUTING -m layer7 --l7proto unset - ### ADD QOS-OUT CHAIN TO THE MANGLE TABLE IN IPTABLES iptables -t mangle -N QOS-OUT iptables -t mangle -N QOS-TOS @@ -517,8 +514,8 @@ print <<END iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -p ah -j RETURN iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -p esp -j RETURN iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -p ip -j RETURN - iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -j QOS-INC - iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -j QOS-TOS + iptables -t mangle -A FORWARD -i $qossettings{'RED_DEV'} -j QOS-INC + iptables -t mangle -A FORWARD -i $qossettings{'RED_DEV'} -j QOS-TOS

### SET TOS END @@ -688,16 +685,14 @@ print <<END iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -p ip -j RETURN >/dev/null 2>&1 iptables -t mangle --delete POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-OUT >/dev/null 2>&1 iptables -t mangle --delete POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-TOS >/dev/null 2>&1 - iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j QOS-INC >/dev/null 2>&1 - iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j QOS-TOS >/dev/null 2>&1 + iptables -t mangle --delete FORWARD -i $qossettings{'RED_DEV'} -j QOS-INC >/dev/null 2>&1 + iptables -t mangle --delete FORWARD -i $qossettings{'RED_DEV'} -j QOS-TOS >/dev/null 2>&1 iptables -t mangle --flush QOS-OUT >/dev/null 2>&1 iptables -t mangle --delete-chain QOS-OUT >/dev/null 2>&1 iptables -t mangle --flush QOS-INC >/dev/null 2>&1 iptables -t mangle --delete-chain QOS-INC >/dev/null 2>&1 iptables -t mangle --flush QOS-TOS >/dev/null 2>&1 iptables -t mangle --delete-chain QOS-TOS >/dev/null 2>&1 - # remove l7-filter - iptables -t mangle --delete PREROUTING -m layer7 --l7proto unset

rmmod sch_htb >/dev/null 2>&1

-- 2.20.1

Michael Tremer

4:46 p.m.

New subject: [PATCH 12/17] QoS: Use CLASSIFY iptables target instead of MARK

We have been running into loads of conflicts by using MARK for various components on the OS (suricata, IPsec, QoS, ...) which was sometimes hard to resolve.

iptables comes with a target which directly sorts packets into the correct class which results in less code and not using the mark.

Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- config/qos/makeqosscripts.pl | 41 ++++++++++++++---------------------- 1 file changed, 16 insertions(+), 25 deletions(-)

diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index 1d6930baa..7d680151b 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -262,34 +262,34 @@ print <<END

### MARK ACKs iptables -t mangle -A QOS-OUT -p tcp --tcp-flags SYN,RST SYN -j TOS --set-tos 4 - iptables -t mangle -A QOS-OUT -p tcp --tcp-flags SYN,RST SYN -j MARK --set-mark $qossettings{'ACK'} + iptables -t mangle -A QOS-OUT -p tcp --tcp-flags SYN,RST SYN -j CLASSIFY --set-class 1:$qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p tcp --tcp-flags SYN,RST SYN -j RETURN

- iptables -t mangle -A QOS-OUT -p icmp -m length --length 40:100 -j MARK --set-mark $qossettings{'ACK'} + iptables -t mangle -A QOS-OUT -p icmp -m length --length 40:100 -j CLASSIFY --set-class 1:$qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p icmp -m length --length 40:100 -j RETURN

iptables -t mangle -A QOS-OUT -p tcp --syn -m length --length 40:68 -j TOS --set-tos 4 - iptables -t mangle -A QOS-OUT -p tcp --syn -m length --length 40:68 -j MARK --set-mark $qossettings{'ACK'} + iptables -t mangle -A QOS-OUT -p tcp --syn -m length --length 40:68 -j CLASSIFY --set-class 1:$qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p tcp --syn -m length --length 40:68 -j RETURN

iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL SYN,ACK -m length --length 40:68 -j TOS --set-tos 4 - iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL SYN,ACK -m length --length 40:68 -j MARK --set-mark $qossettings{'ACK'} + iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL SYN,ACK -m length --length 40:68 -j CLASSIFY --set-class 1:$qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL SYN,ACK -m length --length 40:68 -j RETURN

iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK -m length --length 40:100 -j TOS --set-tos 4 - iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK -m length --length 40:100 -j MARK --set-mark $qossettings{'ACK'} + iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK -m length --length 40:100 -j CLASSIFY --set-class 1:$qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK -m length --length 40:100 -j RETURN

iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL RST -j TOS --set-tos 4 - iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL RST -j MARK --set-mark $qossettings{'ACK'} + iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL RST -j CLASSIFY --set-class 1:$qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL RST -j RETURN

iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,RST -j TOS --set-tos 4 - iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,RST -j MARK --set-mark $qossettings{'ACK'} + iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,RST -j CLASSIFY --set-class 1:$qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,RST -j RETURN

iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,FIN -j TOS --set-tos 4 - iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,FIN -j MARK --set-mark $qossettings{'ACK'} + iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,FIN -j CLASSIFY --set-class 1:$qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,FIN -j RETURN

### SET TOS @@ -302,7 +302,7 @@ END $qossettings{'TOS'} = abs $tosruleline[2] * 2; if ( $tosruleline[1] eq $qossettings{'RED_DEV'} ) { - print "\tiptables -t mangle -A QOS-OUT -m tos --tos $qossettings{'TOS'} -j MARK --set-mark $qossettings{'CLASS'}\n"; + print "\tiptables -t mangle -A QOS-OUT -m tos --tos $qossettings{'TOS'} -j CLASSIFY --set-class 1:$qossettings{'CLASS'}\n"; print "\tiptables -t mangle -A QOS-OUT -m tos --tos $qossettings{'TOS'} -j RETURN\n"; } } @@ -337,7 +337,7 @@ print "\n\t### SET PORT-RULES\n"; if ($qossettings{'DPORT'} ne ''){ print "--dport $qossettings{'DPORT'} "; } - print "-j MARK --set-mark $qossettings{'CLASS'}\n"; + print "-j CLASSIFY --set-class 1:$qossettings{'CLASS'}\n"; print "\tiptables -t mangle -A QOS-OUT "; if ($qossettings{'QIP'} ne ''){ print "-s $qossettings{'QIP'} "; @@ -381,7 +381,7 @@ END if ($qossettings{'DIP'} ne ''){ print "-d $qossettings{'DIP'} "; } - print "-m layer7 --l7dir /etc/l7-protocols/protocols --l7proto $qossettings{'L7PROT'} -j MARK --set-mark $qossettings{'CLASS'}\n"; + print "-m layer7 --l7dir /etc/l7-protocols/protocols --l7proto $qossettings{'L7PROT'} -j CLASSIFY --set-class 1:$qossettings{'CLASS'}\n"; print "\tiptables -t mangle -A QOS-OUT "; if ($qossettings{'QIP'} ne ''){ print "-s $qossettings{'QIP'} "; @@ -396,7 +396,7 @@ END print <<END

### REDUNDANT: SET ALL NONMARKED PACKETS TO DEFAULT CLASS - iptables -t mangle -A QOS-OUT -m mark --mark 0 -j MARK --set-mark $qossettings{'DEFCLASS_OUT'} + iptables -t mangle -A QOS-OUT -j CLASSIFY --set-class 1:$qossettings{'DEFCLASS_OUT'}

### ### $qossettings{'IMQ_DEV'} @@ -511,9 +511,6 @@ print <<END

### ADD QOS-INC CHAIN TO THE MANGLE TABLE IN IPTABLES iptables -t mangle -N QOS-INC - iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -p ah -j RETURN - iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -p esp -j RETURN - iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -p ip -j RETURN iptables -t mangle -A FORWARD -i $qossettings{'RED_DEV'} -j QOS-INC iptables -t mangle -A FORWARD -i $qossettings{'RED_DEV'} -j QOS-TOS

@@ -527,7 +524,7 @@ END $qossettings{'TOS'} = abs $tosruleline[2] * 2; if ( $tosruleline[1] eq $qossettings{'IMQ_DEV'} ) { - print "\tiptables -t mangle -A QOS-INC -m tos --tos $qossettings{'TOS'} -j MARK --set-mark $qossettings{'CLASS'}\n"; + print "\tiptables -t mangle -A QOS-INC -m tos --tos $qossettings{'TOS'} -j CLASSIFY --set-class 2:$qossettings{'CLASS'}\n"; print "\tiptables -t mangle -A QOS-INC -m tos --tos $qossettings{'TOS'} -j RETURN\n"; }

@@ -563,7 +560,7 @@ print "\n\t### SET PORT-RULES\n"; if ($qossettings{'DPORT'} ne ''){ print "--dport $qossettings{'DPORT'} "; } - print "-j MARK --set-mark $qossettings{'CLASS'}\n"; + print "-j CLASSIFY --set-class 2:$qossettings{'CLASS'}\n"; print "\tiptables -t mangle -A QOS-INC "; if ($qossettings{'QIP'} ne ''){ print "-s $qossettings{'QIP'} "; @@ -607,7 +604,7 @@ END if ($qossettings{'DIP'} ne ''){ print "-d $qossettings{'DIP'} "; } - print "-m layer7 --l7dir /etc/l7-protocols/protocols --l7proto $qossettings{'L7PROT'} -j MARK --set-mark $qossettings{'CLASS'}\n"; + print "-m layer7 --l7dir /etc/l7-protocols/protocols --l7proto $qossettings{'L7PROT'} -j CLASSIFY --set-class 2:$qossettings{'CLASS'}\n"; print "\tiptables -t mangle -A QOS-INC "; if ($qossettings{'QIP'} ne ''){ print "-s $qossettings{'QIP'} "; @@ -621,7 +618,7 @@ END

print <<END ### REDUNDANT: SET ALL NONMARKED PACKETS TO DEFAULT CLASS - iptables -t mangle -A QOS-INC -m mark --mark 0 -j MARK --set-mark $qossettings{'DEFCLASS_INC'} + iptables -t mangle -A QOS-INC -j CLASSIFY --set-class 2:$qossettings{'DEFCLASS_INC'}

### SETTING TOS BITS END @@ -677,12 +674,6 @@ print <<END ip link del $qossettings{'IMQ_DEV'} >/dev/null 2>&1

# REMOVE & FLUSH CHAINS - iptables -t mangle --delete POSTROUTING -i $qossettings{'RED_DEV'} -p ah -j RETURN >/dev/null 2>&1 - iptables -t mangle --delete POSTROUTING -i $qossettings{'RED_DEV'} -p esp -j RETURN >/dev/null 2>&1 - iptables -t mangle --delete POSTROUTING -i $qossettings{'RED_DEV'} -p ip -j RETURN >/dev/null 2>&1 - iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -p ah -j RETURN >/dev/null 2>&1 - iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -p esp -j RETURN >/dev/null 2>&1 - iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -p ip -j RETURN >/dev/null 2>&1 iptables -t mangle --delete POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-OUT >/dev/null 2>&1 iptables -t mangle --delete POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-TOS >/dev/null 2>&1 iptables -t mangle --delete FORWARD -i $qossettings{'RED_DEV'} -j QOS-INC >/dev/null 2>&1

-- 2.20.1

Michael Tremer

4:46 p.m.

New subject: [PATCH 13/17] QoS: Drop tc filter rules to move marked packets into the correct class

This is no longer necessary since we are now using CLASSIFY

Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- config/qos/makeqosscripts.pl | 47 +----------------------------------- 1 file changed, 1 insertion(+), 46 deletions(-)

diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index 7d680151b..f73fe2938 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -131,12 +131,6 @@ case "$1" in tc -s class show dev $qossettings{'IMQ_DEV'} exit 0 ;; - filter) - echo "[filter]" - tc -s filter show dev $qossettings{'RED_DEV'} - tc -s filter show dev $qossettings{'IMQ_DEV'} - exit 0 - ;; iptables) echo "[iptables]" iptables -t mangle -n -L QOS-OUT -v -x 2> /dev/null @@ -147,7 +141,6 @@ case "$1" in esac $0 $1 qdisc $0 $1 class - $0 $1 filter $0 $1 iptables exit 0 ;; @@ -230,25 +223,6 @@ foreach $subclassentry (sort @subclasses) { print "\ttc qdisc add dev $qossettings{'DEVICE'} parent 1:$qossettings{'SCLASS'} handle $qossettings{'SCLASS'}: fq_codel $fqcodel_options\n"; } } -print "\n\t### FILTER TRAFFIC INTO CLASSES\n"; -foreach $classentry (sort @classes) -{ - @classline = split( /;/, $classentry ); - if ($qossettings{'RED_DEV'} eq $classline[0]) { - $qossettings{'DEVICE'} = $classline[0]; - $qossettings{'CLASS'} = $classline[1]; - print "\ttc filter add dev $qossettings{'DEVICE'} parent 1:0 prio 0 protocol ip handle $qossettings{'CLASS'} fw flowid 1:$qossettings{'CLASS'}\n"; - } -} -foreach $subclassentry (sort @subclasses) { - @subclassline = split( /;/, $subclassentry ); - if ($qossettings{'RED_DEV'} eq $subclassline[0]) { - $qossettings{'DEVICE'} = $subclassline[0]; - $qossettings{'CLASS'} = $subclassline[1]; - $qossettings{'SCLASS'} = $subclassline[2]; - print "\ttc filter add dev $qossettings{'DEVICE'} parent 1:0 prio 0 protocol ip handle $qossettings{'SCLASS'} fw flowid 1:$qossettings{'SCLASS'}\n"; - } -} print <<END

### ADD QOS-OUT CHAIN TO THE MANGLE TABLE IN IPTABLES @@ -358,7 +332,6 @@ print "\n\t### SET PORT-RULES\n"; print "-j RETURN\n\n"; } } - print <<END

### SET LEVEL7-RULES @@ -488,25 +461,7 @@ foreach $subclassentry (sort @subclasses) { print "\ttc qdisc add dev $qossettings{'DEVICE'} parent 2:$qossettings{'SCLASS'} handle $qossettings{'SCLASS'}: fq_codel $fqcodel_options\n"; } } -print "\n\t### FILTER TRAFFIC INTO CLASSES\n"; -foreach $classentry (sort @classes) -{ - @classline = split( /;/, $classentry ); - if ($qossettings{'IMQ_DEV'} eq $classline[0]) { - $qossettings{'DEVICE'} = $classline[0]; - $qossettings{'CLASS'} = $classline[1]; - print "\ttc filter add dev $qossettings{'DEVICE'} parent 2:0 prio 0 protocol ip handle $qossettings{'CLASS'} fw flowid 2:$qossettings{'CLASS'}\n"; - } -} -foreach $subclassentry (sort @subclasses) { - @subclassline = split( /;/, $subclassentry ); - if ($qossettings{'IMQ_DEV'} eq $subclassline[0]) { - $qossettings{'DEVICE'} = $subclassline[0]; - $qossettings{'CLASS'} = $subclassline[1]; - $qossettings{'SCLASS'} = $subclassline[2]; - print "\ttc filter add dev $qossettings{'DEVICE'} parent 2:0 prio 0 protocol ip handle $qossettings{'SCLASS'} fw flowid 2:$qossettings{'SCLASS'}\n"; - } -} + print <<END

### ADD QOS-INC CHAIN TO THE MANGLE TABLE IN IPTABLES

-- 2.20.1

Michael Tremer

4:46 p.m.

New subject: [PATCH 14/17] QoS: Drop support for subclasses

This feature was never properly implemented and the UI was dead

diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index f73fe2938..9a57aad28 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -35,26 +35,22 @@ my $errormessage = ""; my $c = ""; my $direntry = ""; my $classentry = ""; -my $subclassentry = ""; my $l7ruleentry = ""; my $portruleentry = ""; my $tosruleentry = ""; my @tmp = (); my @classes = (); -my @subclasses = (); my @l7rules = (); my @portrules = (); my @tosrules = (); my @tmpline = (); my @classline = (); -my @subclassline = (); my @tosruleline = (); my @l7ruleline = (); my @portruleline = (); my @proto = (); my %selected= () ; my $classfile = "/var/ipfire/qos/classes"; -my $subclassfile = "/var/ipfire/qos/subclasses"; my $level7file = "/var/ipfire/qos/level7config"; my $portfile = "/var/ipfire/qos/portconfig"; my $tosfile = "/var/ipfire/qos/tosconfig"; @@ -81,9 +77,6 @@ $qossettings{'VALID'} = 'yes'; open( FILE, "< $classfile" ) or die "Unable to read $classfile"; @classes = <FILE>; close FILE; -open( FILE, "< $subclassfile" ) or die "Unable to read $subclassfile"; -@subclasses = <FILE>; -close FILE; open( FILE, "< $level7file" ) or die "Unable to read $level7file"; @l7rules = <FILE>; close FILE; @@ -183,27 +176,6 @@ foreach $classentry (sort @classes) print "\n"; } } -foreach $subclassentry (sort @subclasses) { - @subclassline = split( /;/, $subclassentry ); - if ($qossettings{'RED_DEV'} eq $subclassline[0]) { - $qossettings{'DEVICE'} = $subclassline[0]; - $qossettings{'CLASS'} = $subclassline[1]; - $qossettings{'SCLASS'} = $subclassline[2]; - $qossettings{'SPRIO'} = $subclassline[3]; - $qossettings{'SRATE'} = $subclassline[4]; - $qossettings{'SCEIL'} = $subclassline[5]; - $qossettings{'SBURST'} = $subclassline[6]; - $qossettings{'SCBURST'} = $subclassline[7]; - print "\ttc class add dev $qossettings{'DEVICE'} parent 1:$qossettings{'CLASS'} classid 1:$qossettings{'SCLASS'} htb rate $qossettings{'SRATE'}kbit ceil $qossettings{'SCEIL'}kbit prio $qossettings{'SPRIO'} "; - if ($qossettings{'SBURST'} > 0) { - print "burst $qossettings{'SBURST'}k "; - } - if (($qossettings{'SCBURST'} ne '') && ($qossettings{'SCBURST'} ne 0)) { - print "cburst $qossettings{'CBURST'}k"; - } - print "\n"; - } -}

print "\n\t### ATTACH QDISC TO LEAF CLASSES\n"; foreach $classentry (sort @classes) @@ -215,14 +187,6 @@ foreach $classentry (sort @classes) print "\ttc qdisc add dev $qossettings{'DEVICE'} parent 1:$qossettings{'CLASS'} handle $qossettings{'CLASS'}: fq_codel $fqcodel_options\n"; } } -foreach $subclassentry (sort @subclasses) { - @subclassline = split( /;/, $subclassentry ); - if ($qossettings{'RED_DEV'} eq $subclassline[0]) { - $qossettings{'DEVICE'} = $subclassline[0]; - $qossettings{'SCLASS'} = $subclassline[2]; - print "\ttc qdisc add dev $qossettings{'DEVICE'} parent 1:$qossettings{'SCLASS'} handle $qossettings{'SCLASS'}: fq_codel $fqcodel_options\n"; - } -} print <<END

### ADD QOS-OUT CHAIN TO THE MANGLE TABLE IN IPTABLES @@ -421,27 +385,6 @@ foreach $classentry (sort @classes) print "\n"; } } -foreach $subclassentry (sort @subclasses) { - @subclassline = split( /;/, $subclassentry ); - if ($qossettings{'IMQ_DEV'} eq $subclassline[0]) { - $qossettings{'DEVICE'} = $subclassline[0]; - $qossettings{'CLASS'} = $subclassline[1]; - $qossettings{'SCLASS'} = $subclassline[2]; - $qossettings{'SPRIO'} = $subclassline[3]; - $qossettings{'SRATE'} = $subclassline[4]; - $qossettings{'SCEIL'} = $subclassline[5]; - $qossettings{'SBURST'} = $subclassline[6]; - $qossettings{'SCBURST'} = $subclassline[7]; - print "\ttc class add dev $qossettings{'DEVICE'} parent 2:$qossettings{'CLASS'} classid 2:$qossettings{'SCLASS'} htb rate $qossettings{'SRATE'}kbit ceil $qossettings{'SCEIL'}kbit prio $qossettings{'SPRIO'} "; - if ($qossettings{'SBURST'} > 0) { - print "burst $qossettings{'SBURST'}k "; - } - if (($qossettings{'SCBURST'} ne '') && ($qossettings{'SCBURST'} ne 0)) { - print "cburst $qossettings{'CBURST'}k"; - } - print "\n"; - } -}

print "\n\t### ATTACH QDISC TO LEAF CLASSES\n"; foreach $classentry (sort @classes) @@ -453,15 +396,6 @@ foreach $classentry (sort @classes) print "\ttc qdisc add dev $qossettings{'DEVICE'} parent 2:$qossettings{'CLASS'} handle $qossettings{'CLASS'}: fq_codel $fqcodel_options\n"; } } -foreach $subclassentry (sort @subclasses) { - @subclassline = split( /;/, $subclassentry ); - if ($qossettings{'IMQ_DEV'} eq $subclassline[0]) { - $qossettings{'DEVICE'} = $subclassline[0]; - $qossettings{'SCLASS'} = $subclassline[2]; - print "\ttc qdisc add dev $qossettings{'DEVICE'} parent 2:$qossettings{'SCLASS'} handle $qossettings{'SCLASS'}: fq_codel $fqcodel_options\n"; - } -} - print <<END

### ADD QOS-INC CHAIN TO THE MANGLE TABLE IN IPTABLES @@ -588,17 +522,6 @@ END print "\tiptables -t mangle -A QOS-TOS -m mark --mark $qossettings{'CLASS'} -j RETURN\n"; } } - foreach $subclassentry (sort @subclasses) - { - @subclassline = split( /;/, $subclassentry ); - $qossettings{'SUBCLASS'} = $subclassline[1]; - $qossettings{'TOS'} = $subclassline[8]; - $qossettings{'TOS'} = abs $qossettings{'TOS'} * 2; - if ($qossettings{'TOS'} ne "0") { - print "\tiptables -t mangle -A QOS-TOS -m mark --mark $qossettings{'SUBCLASS'} -j TOS --set-tos $qossettings{'TOS'}\n"; - print "\tiptables -t mangle -A QOS-TOS -m mark --mark $qossettings{'SUBCLASS'} -j RETURN\n"; - } - }

print <<END

diff --git a/doc/language_issues.de b/doc/language_issues.de index 412efdc47..61b1c8078 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -30,6 +30,7 @@ WARNING: translation string unused: Queuelenght WARNING: translation string unused: Remote IP WARNING: translation string unused: Remote VPN IP WARNING: translation string unused: Resolv +WARNING: translation string unused: Subclass WARNING: translation string unused: TOS Bits WARNING: translation string unused: Verbose WARNING: translation string unused: access allowed @@ -39,6 +40,7 @@ WARNING: translation string unused: add cron WARNING: translation string unused: add network WARNING: translation string unused: add new ovpn WARNING: translation string unused: add service +WARNING: translation string unused: add subclass WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: addon @@ -140,6 +142,7 @@ WARNING: translation string unused: ccd maxclients WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config +WARNING: translation string unused: class in use WARNING: translation string unused: clear cache WARNING: translation string unused: compression WARNING: translation string unused: connect @@ -548,6 +551,7 @@ WARNING: translation string unused: proxy no proxy extend WARNING: translation string unused: proxy no proxy local WARNING: translation string unused: proxy port WARNING: translation string unused: psk +WARNING: translation string unused: qos add subclass WARNING: translation string unused: reboot ask WARNING: translation string unused: reboot question WARNING: translation string unused: reboot schedule diff --git a/doc/language_issues.en b/doc/language_issues.en index 9ca53b50a..3581a688a 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -80,7 +80,6 @@ WARNING: untranslated string: Scan for Files = Scan for files WARNING: untranslated string: Scan for Songs = unknown string WARNING: untranslated string: Scan from Directory = Scan from directory WARNING: untranslated string: Set time on boot = Force setting the system clock on boot -WARNING: untranslated string: Subclass = Subclass WARNING: untranslated string: TOS Rule = TOS-Rule WARNING: untranslated string: TOS rule = TOS rule WARNING: untranslated string: The class number does not match the specified interface. = The class number does not match the specified interface. @@ -107,7 +106,6 @@ WARNING: untranslated string: add new alias = Add a new alias WARNING: untranslated string: add new lease = Add a new fixed lease WARNING: untranslated string: add printer = Add printer WARNING: untranslated string: add share = Add share -WARNING: untranslated string: add subclass = Add subclass WARNING: untranslated string: add user = Add user WARNING: untranslated string: added from dhcp lease list = Added from DHCP lease list WARNING: untranslated string: addons = Addons @@ -465,7 +463,6 @@ WARNING: untranslated string: check all = Check all WARNING: untranslated string: check vpn lr = Check WARNING: untranslated string: cipher = Encryption: WARNING: untranslated string: city = City -WARNING: untranslated string: class in use = The class is already in use. WARNING: untranslated string: clear playlist = Empty playlist WARNING: untranslated string: clenabled = Provide time to local network WARNING: untranslated string: click to disable = Enabled (click to disable) @@ -1517,7 +1514,6 @@ WARNING: untranslated string: proxy reports weekly = Weekly reports WARNING: untranslated string: ptr = PTR WARNING: untranslated string: pulse = Pulse WARNING: untranslated string: pulse dial = Pulse dial: -WARNING: untranslated string: qos add subclass = Add subclass WARNING: untranslated string: qos enter bandwidths = You will need to enter your downstream and upstream bandwidth! WARNING: untranslated string: qos graphs = Qos Graphs WARNING: untranslated string: qos warning = The rule <strong>must</strong> be saved, otherwise it will be discarded! diff --git a/doc/language_issues.es b/doc/language_issues.es index 2af165d6b..a4c5bf1f5 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -9,6 +9,7 @@ WARNING: translation string unused: Queuelenght WARNING: translation string unused: Remote IP WARNING: translation string unused: Remote VPN IP WARNING: translation string unused: Resolv +WARNING: translation string unused: Subclass WARNING: translation string unused: TOS Bits WARNING: translation string unused: Verbose WARNING: translation string unused: access allowed @@ -18,6 +19,7 @@ WARNING: translation string unused: add cron WARNING: translation string unused: add network WARNING: translation string unused: add new ovpn WARNING: translation string unused: add service +WARNING: translation string unused: add subclass WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed @@ -129,6 +131,7 @@ WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config WARNING: translation string unused: choose media +WARNING: translation string unused: class in use WARNING: translation string unused: clear cache WARNING: translation string unused: compression WARNING: translation string unused: connect @@ -475,6 +478,7 @@ WARNING: translation string unused: proxy no proxy extend WARNING: translation string unused: proxy no proxy local WARNING: translation string unused: proxy port WARNING: translation string unused: psk +WARNING: translation string unused: qos add subclass WARNING: translation string unused: quick control WARNING: translation string unused: reboot ask WARNING: translation string unused: reboot question diff --git a/doc/language_issues.fr b/doc/language_issues.fr index f48d65a80..3d657059f 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -31,6 +31,7 @@ WARNING: translation string unused: Queuelenght WARNING: translation string unused: Remote IP WARNING: translation string unused: Remote VPN IP WARNING: translation string unused: Resolv +WARNING: translation string unused: Subclass WARNING: translation string unused: TOS Bits WARNING: translation string unused: Verbose WARNING: translation string unused: access allowed @@ -40,6 +41,7 @@ WARNING: translation string unused: add cron WARNING: translation string unused: add network WARNING: translation string unused: add new ovpn WARNING: translation string unused: add service +WARNING: translation string unused: add subclass WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed @@ -159,6 +161,7 @@ WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config WARNING: translation string unused: choose media +WARNING: translation string unused: class in use WARNING: translation string unused: clear cache WARNING: translation string unused: compression WARNING: translation string unused: connect @@ -577,6 +580,7 @@ WARNING: translation string unused: proxy no proxy extend WARNING: translation string unused: proxy no proxy local WARNING: translation string unused: proxy port WARNING: translation string unused: psk +WARNING: translation string unused: qos add subclass WARNING: translation string unused: quick control WARNING: translation string unused: reboot ask WARNING: translation string unused: reboot question diff --git a/doc/language_issues.it b/doc/language_issues.it index 59c649954..973a7c12c 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -10,6 +10,7 @@ WARNING: translation string unused: Queuelenght WARNING: translation string unused: Remote IP WARNING: translation string unused: Remote VPN IP WARNING: translation string unused: Resolv +WARNING: translation string unused: Subclass WARNING: translation string unused: TOS Bits WARNING: translation string unused: Verbose WARNING: translation string unused: access allowed @@ -19,6 +20,7 @@ WARNING: translation string unused: add cron WARNING: translation string unused: add network WARNING: translation string unused: add new ovpn WARNING: translation string unused: add service +WARNING: translation string unused: add subclass WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed @@ -137,6 +139,7 @@ WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config WARNING: translation string unused: choose media +WARNING: translation string unused: class in use WARNING: translation string unused: clear cache WARNING: translation string unused: compression WARNING: translation string unused: connect @@ -552,6 +555,7 @@ WARNING: translation string unused: proxy no proxy extend WARNING: translation string unused: proxy no proxy local WARNING: translation string unused: proxy port WARNING: translation string unused: psk +WARNING: translation string unused: qos add subclass WARNING: translation string unused: quick control WARNING: translation string unused: reboot ask WARNING: translation string unused: reboot question diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 836745e5a..2d5e06726 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -10,6 +10,7 @@ WARNING: translation string unused: Queuelenght WARNING: translation string unused: Remote IP WARNING: translation string unused: Remote VPN IP WARNING: translation string unused: Resolv +WARNING: translation string unused: Subclass WARNING: translation string unused: TOS Bits WARNING: translation string unused: Verbose WARNING: translation string unused: access allowed @@ -19,6 +20,7 @@ WARNING: translation string unused: add cron WARNING: translation string unused: add network WARNING: translation string unused: add new ovpn WARNING: translation string unused: add service +WARNING: translation string unused: add subclass WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed @@ -136,6 +138,7 @@ WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config WARNING: translation string unused: choose media +WARNING: translation string unused: class in use WARNING: translation string unused: clear cache WARNING: translation string unused: compression WARNING: translation string unused: connect @@ -547,6 +550,7 @@ WARNING: translation string unused: proxy no proxy extend WARNING: translation string unused: proxy no proxy local WARNING: translation string unused: proxy port WARNING: translation string unused: psk +WARNING: translation string unused: qos add subclass WARNING: translation string unused: quick control WARNING: translation string unused: reboot ask WARNING: translation string unused: reboot question diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 2af165d6b..a4c5bf1f5 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -9,6 +9,7 @@ WARNING: translation string unused: Queuelenght WARNING: translation string unused: Remote IP WARNING: translation string unused: Remote VPN IP WARNING: translation string unused: Resolv +WARNING: translation string unused: Subclass WARNING: translation string unused: TOS Bits WARNING: translation string unused: Verbose WARNING: translation string unused: access allowed @@ -18,6 +19,7 @@ WARNING: translation string unused: add cron WARNING: translation string unused: add network WARNING: translation string unused: add new ovpn WARNING: translation string unused: add service +WARNING: translation string unused: add subclass WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed @@ -129,6 +131,7 @@ WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config WARNING: translation string unused: choose media +WARNING: translation string unused: class in use WARNING: translation string unused: clear cache WARNING: translation string unused: compression WARNING: translation string unused: connect @@ -475,6 +478,7 @@ WARNING: translation string unused: proxy no proxy extend WARNING: translation string unused: proxy no proxy local WARNING: translation string unused: proxy port WARNING: translation string unused: psk +WARNING: translation string unused: qos add subclass WARNING: translation string unused: quick control WARNING: translation string unused: reboot ask WARNING: translation string unused: reboot question diff --git a/doc/language_issues.ru b/doc/language_issues.ru index b904157b1..06e68dfd3 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -10,6 +10,7 @@ WARNING: translation string unused: Queuelenght WARNING: translation string unused: Remote IP WARNING: translation string unused: Remote VPN IP WARNING: translation string unused: Resolv +WARNING: translation string unused: Subclass WARNING: translation string unused: TOS Bits WARNING: translation string unused: Verbose WARNING: translation string unused: access allowed @@ -19,6 +20,7 @@ WARNING: translation string unused: add cron WARNING: translation string unused: add network WARNING: translation string unused: add new ovpn WARNING: translation string unused: add service +WARNING: translation string unused: add subclass WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed @@ -130,6 +132,7 @@ WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config WARNING: translation string unused: choose media +WARNING: translation string unused: class in use WARNING: translation string unused: clear cache WARNING: translation string unused: compression WARNING: translation string unused: connect @@ -478,6 +481,7 @@ WARNING: translation string unused: proxy no proxy extend WARNING: translation string unused: proxy no proxy local WARNING: translation string unused: proxy port WARNING: translation string unused: psk +WARNING: translation string unused: qos add subclass WARNING: translation string unused: quick control WARNING: translation string unused: reboot ask WARNING: translation string unused: reboot question diff --git a/doc/language_issues.tr b/doc/language_issues.tr index cf773d8cb..5bbf9a1b5 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -31,6 +31,7 @@ WARNING: translation string unused: Queuelenght WARNING: translation string unused: Remote IP WARNING: translation string unused: Remote VPN IP WARNING: translation string unused: Resolv +WARNING: translation string unused: Subclass WARNING: translation string unused: TOS Bits WARNING: translation string unused: Verbose WARNING: translation string unused: access allowed @@ -40,6 +41,7 @@ WARNING: translation string unused: add cron WARNING: translation string unused: add network WARNING: translation string unused: add new ovpn WARNING: translation string unused: add service +WARNING: translation string unused: add subclass WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed @@ -159,6 +161,7 @@ WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config WARNING: translation string unused: choose media +WARNING: translation string unused: class in use WARNING: translation string unused: clear cache WARNING: translation string unused: compression WARNING: translation string unused: connect @@ -580,6 +583,7 @@ WARNING: translation string unused: proxy no proxy extend WARNING: translation string unused: proxy no proxy local WARNING: translation string unused: proxy port WARNING: translation string unused: psk +WARNING: translation string unused: qos add subclass WARNING: translation string unused: quick control WARNING: translation string unused: reboot ask WARNING: translation string unused: reboot question diff --git a/html/cgi-bin/qos.cgi b/html/cgi-bin/qos.cgi index b7af11204..320eef67d 100644 --- a/html/cgi-bin/qos.cgi +++ b/html/cgi-bin/qos.cgi @@ -38,19 +38,16 @@ my $errormessage = ""; my $c = ""; my $direntry = ""; my $classentry = ""; -my $subclassentry = ""; my $l7ruleentry = ""; my $portruleentry = ""; my $tosruleentry = ""; my @tmp = (); my @classes = (); -my @subclasses = (); my @l7rules = (); my @portrules = (); my @tosrules = (); my @tmpline = (); my @classline = (); -my @subclassline = (); my @l7ruleline = (); my @portruleline = (); my @tosruleline = (); @@ -58,7 +55,6 @@ my @proto = (); my %selected= (); my @checked = (); my $classfile = "/var/ipfire/qos/classes"; -my $subclassfile = "/var/ipfire/qos/subclasses"; my $level7file = "/var/ipfire/qos/level7config"; my $portfile = "/var/ipfire/qos/portconfig"; my $tosfile = "/var/ipfire/qos/tosconfig"; @@ -85,7 +81,6 @@ $qossettings{'IMQ_DEV_SEL'} = ''; $qossettings{'PRIO'} = ''; $qossettings{'SPD'} = ''; $qossettings{'CLASS'} = ''; -$qossettings{'SCLASS'} = ''; $qossettings{'QPORT'} = ''; $qossettings{'DPORT'} = ''; $qossettings{'QIP'} = ''; @@ -98,7 +93,6 @@ $qossettings{'MAXBWDTH'} = ''; $qossettings{'BURST'} = ''; $qossettings{'CBURST'} = ''; $qossettings{'DOCLASS'} = ''; -$qossettings{'DOSCLASS'} = ''; $qossettings{'DOLEVEL7'} = ''; $qossettings{'DOPORT'} = ''; $qossettings{'CLASS'} = ''; @@ -194,60 +188,12 @@ elsif ($qossettings{'DOCLASS'} eq $Lang::tr{'delete'}) } } close FILE; - open( FILE, "< $subclassfile" ) or die "Unable to read $classfile"; - @tmp = <FILE>; - close FILE; - open( FILE, "> $subclassfile" ) or die "Unable to write $classfile"; - foreach $subclassentry (sort @tmp) - { - @tmpline = split( /;/, $subclassentry ); - if ( $tmpline[1] ne $qossettings{'CLASS'} ) - { - print FILE $subclassentry; - } - } - close FILE; $message = "$Lang::tr{'Class'} $qossettings{'CLASS'} $Lang::tr{'Class was deleted'}"; }

############################################################################################################################ ############################################################################################################################

-if ($qossettings{'DOSCLASS'} eq $Lang::tr{'save'}) -{ - &validsubclass(); - &validminbwdth(); - if ( $qossettings{'VALID'} eq 'yes' ) { - open( FILE, ">> $subclassfile" ) or die "Unable to write $subclassfile"; - print FILE <<END -$qossettings{'DEVICE'};$qossettings{'CLASS'};$qossettings{'SCLASS'};$qossettings{'PRIO'};$qossettings{'MINBWDTH'};$qossettings{'MAXBWDTH'};$qossettings{'BURST'};$qossettings{'CBURST'};$qossettings{'TOS'}; -END -; - close FILE; - } else { - $qossettings{'ACTION'} = $Lang::tr{'qos add subclass'}; - } -} elsif ($qossettings{'DOSCLASS'} eq $Lang::tr{'delete'}) -{ - open( FILE, "< $subclassfile" ) or die "Unable to read $classfile"; - @tmp = <FILE>; - close FILE; - open( FILE, "> $subclassfile" ) or die "Unable to write $classfile"; - foreach $subclassentry (sort @tmp) - { - @tmpline = split( /;/, $subclassentry ); - if ( $tmpline[2] ne $qossettings{'CLASS'} ) - { - print FILE $subclassentry; - } - } - close FILE; - $message = "$Lang::tr{'Subclass'} $qossettings{'CLASS'} $Lang::tr{'was deleted'}."; -} - -############################################################################################################################ -############################################################################################################################ - if ($qossettings{'DOLEVEL7'} eq $Lang::tr{'save'}) { if ( $qossettings{'QIP'} ne '' ) { @@ -612,13 +558,6 @@ elsif ($qossettings{'ACTION'} eq $Lang::tr{'parentclass add'} ) &Header::closepage(); exit } -elsif ($qossettings{'ACTION'} eq $Lang::tr{'qos add subclass'}) -{ - &subclass(); - &Header::closebigbox(); - &Header::closepage(); - exit -} elsif ($qossettings{'ACTION'} eq $Lang::tr{'Add Rule'}) { &Header::openbox('100%', 'center', $Lang::tr{'Add Rule'}); @@ -967,81 +906,6 @@ END &Header::closebox(); }

-sub subclass { - &Header::openbox('100%', 'center', $Lang::tr{'Subclass'}); - print <<END - <form method='post' action='$ENV{'SCRIPT_NAME'}'> - <table width='66%'> -END -; - if ( $message ne "" ) { - print "<tr><td colspan='3' align='center'>$message"; - } - print <<END - <tr><td colspan='3' width='100%'>$Lang::tr{'current class'}: $qossettings{'CLASS'} - <tr><td width='100%' colspan='3'>$Lang::tr{'enter data'} - <tr><td width='33%' align='right'>$Lang::tr{'Subclass'}:<td width='33%' align='left'><select name='SCLASS'> -END -; - if ($qossettings{'CLASS'} >= 100 && $qossettings{'CLASS'} < 121) { - $qossettings{'DEVICE'} = $qossettings{'RED_DEV'}; - for ( $c = 1000 ; $c <= 1020 ; $c++ ) - { - if ( $qossettings{'SCLASS'} ne $c ) - { print "<option value='$c'>$c</option>\n"; } - else { print "<option selected value='$c'>$c</option>\n"; } - } - } elsif ($qossettings{'CLASS'} >= 200 && $qossettings{'CLASS'} < 221) { - $qossettings{'DEVICE'} = $qossettings{'IMQ_DEV'}; - for ( $c = 2000 ; $c <= 2020 ; $c++ ) - { - if ( $qossettings{'SCLASS'} ne $c ) - { print "<option value='$c'>$c</option>\n"; } - else { print "<option selected value='$c'>$c</option>\n"; } - } - } - print <<END - </select> - <td width='33%' align='center'>  - <tr><td width='33%' align='right'>$Lang::tr{'priority'}:<td width='33%' align='left'><select name='PRIO'> -END -; - for ( $c = 1 ; $c <= 7 ; $c++ ) - { - if ( $qossettings{'PRIO'} ne $c ) - { print "<option value='$c'>$c</option>\n"; } - else { print "<option selected value='$c'>$c</option>\n"; } - } - print <<END - <td width='33%' align='center'>  - <tr><td width='33%' align='right'>$Lang::tr{'guaranteed bandwith'}: - <td width='33%' align='left'><input type='text' name='MINBWDTH' maxlength='8' required='1' value="$qossettings{'MINBWDTH'}" /> - <td width='33%' align='center'>  - <tr><td width='33%' align='right'>$Lang::tr{'max bandwith'}: - <td width='33%' align='left'><input type='text' name='MAXBWDTH' maxlength='8' required='1' value="$qossettings{'MAXBWDTH'}" /> - <td width='33%' align='center'>  - <tr><td width='33%' align='right'>Burst: - <td width='33%' align='left'><input type='text' name='BURST' maxlength='8' value="$qossettings{'BURST'}" /> - <td width='33%' align='center'>  - <tr><td width='33%' align='right'>Ceilburst: - <td width='33%' align='left'><input type='text' name='CBURST' maxlength='8' value="$qossettings{'CBURST'}" /> - <td width='33%' align='center'>  - <tr><td width='33%' align='right'>TOS-Bit: - <td width='33%' align='left'><select name='TOS'> - <option value='0'>$Lang::tr{'disabled'} (0)</option> - <option value='8'>$Lang::tr{'min delay'} (8)</option> - <option value='4'>$Lang::tr{'max throughput'} (4)</option> - <option value='2'>$Lang::tr{'max reliability'} (2)</option> - <option value='1'>$Lang::tr{'min costs'} (1)</option></select> - <td width='33%' align='center'><input type='hidden' name='CLASS' value="$qossettings{'CLASS'}" /> - <input type='hidden' name='DEVICE' value="$qossettings{'DEVICE'}" /> - <input type='submit' name='DOSCLASS' value='$Lang::tr{'save'}' /> <input type='reset' value='$Lang::tr{'reset'}' /> - </table></form> -END -; - &Header::closebox(); -} - sub level7rule { &Header::openbox('100%', 'center', $Lang::tr{'Level7 Rule'}); print <<END @@ -1164,9 +1028,6 @@ sub showclasses { @classes = <FILE>; close FILE; if (@classes) { - open( FILE, "< $subclassfile" ) or die "Unable to read $subclassfile"; - @subclasses = <FILE>; - close FILE; open( FILE, "< $level7file" ) or die "Unable to read $level7file"; @l7rules = <FILE>; close FILE; @@ -1203,11 +1064,6 @@ sub showclasses { <td align='center' bgcolor='$color{'color22'}'>$classline[7]</td> <td align='right' bgcolor='$color{'color22'}'> <table border='0'><tr> - <td><form method='post' action='$ENV{'SCRIPT_NAME'}'> - <input type='hidden' name='CLASS' value='$classline[1]' /> - <input type='hidden' name='ACTION' value='$Lang::tr{'qos add subclass'}' /> - <input type='image' alt='$Lang::tr{'add subclass'}' title='$Lang::tr{'add subclass'}' src='/images/addblue.gif' /> - </form> <td><form method='post' action='$ENV{'SCRIPT_NAME'}'> <input type='hidden' name='CLASS' value='$classline[1]' /> <input type='hidden' name='ACTION' value='$Lang::tr{'Add Rule'}' /> @@ -1386,41 +1242,6 @@ END } END ; - foreach $subclassentry (sort @subclasses) - { - @subclassline = split( /;/, $subclassentry ); - if ( $subclassline[1] eq $classline[1] ) { - print <<END - <tr><td align='center' bgcolor='#FAFAFA'>$Lang::tr{'Subclass'}: - <td align='center' bgcolor='#FAFAFA'>$subclassline[2] - <td align='center' bgcolor='#FAFAFA'>$subclassline[3] - <td align='center' bgcolor='#FAFAFA'>$subclassline[4] - <td align='center' bgcolor='#FAFAFA'>$subclassline[5] - <td align='center' bgcolor='#FAFAFA'>$subclassline[6] - <td align='center' bgcolor='#FAFAFA'>$subclassline[7] - <td align='center' bgcolor='#FAFAFA'>$subclassline[8] - <td align='right' bgcolor='#FAFAFA'> - <table border='0'><tr> - <td><form method='post' action='$ENV{'SCRIPT_NAME'}'> - <input type='hidden' name='CLASS' value='$subclassline[2]' /> - <input type='hidden' name='ACTION' value='$Lang::tr{'Add Rule'}' /> - <input type='image' alt='$Lang::tr{'Add Rule'}' title='$Lang::tr{'Add Rule'}' src='/images/addgreen.gif' /> - </form> - <td><form method='post' action='$ENV{'SCRIPT_NAME'}'> - <input type='hidden' name='CLASS' value='$subclassline[2]' /> - <input type='hidden' name='DOSCLASS' value='$Lang::tr{'edit'}' /> - <input type='image' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' src='/images/edit.gif' /> - </form> - <td><form method='post' action='$ENV{'SCRIPT_NAME'}'> - <input type='hidden' name='CLASS' value='$subclassline[2]' /> - <input type='hidden' name='DOSCLASS' value='$Lang::tr{'delete'}' /> - <input type='image' alt='$Lang::tr{'delete'}' title='$Lang::tr{'delete'}' src='/images/delete.gif' /> - </form> - </table> -END -; - } - } print <<END </table> END @@ -1488,21 +1309,3 @@ sub validclass { } } } - -sub validsubclass { - if ( $qossettings{'VALID'} eq 'yes' ) { - open( FILE, "< $subclassfile" ) or die "Unable to read $subclassfile"; - @tmp = <FILE>; - close FILE; - foreach $subclassentry (sort @tmp) - { - @tmpline = split( /;/, $subclassentry ); - if ( $tmpline[2] eq $qossettings{'SCLASS'} ) - { - $qossettings{'VALID'} = 'no'; - $message = "$Lang::tr{'class in use'}"; - last - } - } - } -}

-- 2.20.1

Michael Tremer

4:46 p.m.

New subject: [PATCH 15/17] QoS: Drop support for setting TOS bits per class

This is useless since no ISP will evaluate those settings any more and it has a rather large impact on throughput.

Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- config/qos/makeqosscripts.pl | 24 ------------------------ html/cgi-bin/qos.cgi | 12 ------------ 2 files changed, 36 deletions(-)

diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index 9a57aad28..4f66b20b4 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -128,7 +128,6 @@ case "$1" in echo "[iptables]" iptables -t mangle -n -L QOS-OUT -v -x 2> /dev/null iptables -t mangle -n -L QOS-INC -v -x 2> /dev/null - iptables -t mangle -n -L QOS-TOS -v -x 2> /dev/null exit 0 ;; esac @@ -191,9 +190,7 @@ print <<END

### ADD QOS-OUT CHAIN TO THE MANGLE TABLE IN IPTABLES iptables -t mangle -N QOS-OUT - iptables -t mangle -N QOS-TOS iptables -t mangle -I POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-OUT - iptables -t mangle -A POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-TOS

### Don't change mark on traffic for the ipsec tunnel iptables -t mangle -A QOS-OUT -m mark --mark 50 -j RETURN @@ -401,7 +398,6 @@ print <<END ### ADD QOS-INC CHAIN TO THE MANGLE TABLE IN IPTABLES iptables -t mangle -N QOS-INC iptables -t mangle -A FORWARD -i $qossettings{'RED_DEV'} -j QOS-INC - iptables -t mangle -A FORWARD -i $qossettings{'RED_DEV'} -j QOS-TOS

### SET TOS END @@ -509,22 +505,6 @@ print <<END ### REDUNDANT: SET ALL NONMARKED PACKETS TO DEFAULT CLASS iptables -t mangle -A QOS-INC -j CLASSIFY --set-class 2:$qossettings{'DEFCLASS_INC'}

- ### SETTING TOS BITS -END -; - foreach $classentry (sort @classes) - { - @classline = split( /;/, $classentry ); - $qossettings{'CLASS'} = $classline[1]; - $qossettings{'TOS'} = abs $classline[7] * 2; - if ($qossettings{'TOS'} ne "0") { - print "\tiptables -t mangle -A QOS-TOS -m mark --mark $qossettings{'CLASS'} -j TOS --set-tos $qossettings{'TOS'}\n"; - print "\tiptables -t mangle -A QOS-TOS -m mark --mark $qossettings{'CLASS'} -j RETURN\n"; - } - } - -print <<END - ## STARTING COLLECTOR /usr/local/bin/qosd $qossettings{'RED_DEV'} >/dev/null 2>&1 /usr/local/bin/qosd $qossettings{'IMQ_DEV'} >/dev/null 2>&1 @@ -553,15 +533,11 @@ print <<END

# REMOVE & FLUSH CHAINS iptables -t mangle --delete POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-OUT >/dev/null 2>&1 - iptables -t mangle --delete POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-TOS >/dev/null 2>&1 iptables -t mangle --delete FORWARD -i $qossettings{'RED_DEV'} -j QOS-INC >/dev/null 2>&1 - iptables -t mangle --delete FORWARD -i $qossettings{'RED_DEV'} -j QOS-TOS >/dev/null 2>&1 iptables -t mangle --flush QOS-OUT >/dev/null 2>&1 iptables -t mangle --delete-chain QOS-OUT >/dev/null 2>&1 iptables -t mangle --flush QOS-INC >/dev/null 2>&1 iptables -t mangle --delete-chain QOS-INC >/dev/null 2>&1 - iptables -t mangle --flush QOS-TOS >/dev/null 2>&1 - iptables -t mangle --delete-chain QOS-TOS >/dev/null 2>&1

rmmod sch_htb >/dev/null 2>&1

diff --git a/html/cgi-bin/qos.cgi b/html/cgi-bin/qos.cgi index 320eef67d..8211a3ca0 100644 --- a/html/cgi-bin/qos.cgi +++ b/html/cgi-bin/qos.cgi @@ -883,18 +883,6 @@ END <tr><td width='33%' align='right'>Ceilburst: <td width='33%' align='left'><input type='text' size='20' name='CBURST' maxlength='8' value="$qossettings{'CBURST'}" /> <td width='33%' align='center'>  -END -; - $selected{'TOS'}{$qossettings{'TOS'}} = "selected='selected'"; -print <<END - <tr><td width='33%' align='right'>TOS-Bit: - <td width='33%' align='left'><select name='TOS'> - <option value='0' $selected{'TOS'}{'0'}>$Lang::tr{'disabled'} (0)</option> - <option value='8' $selected{'TOS'}{'8'}>$Lang::tr{'min delay'} (8)</option> - <option value='4' $selected{'TOS'}{'4'}>$Lang::tr{'max throughput'} (4)</option> - <option value='2' $selected{'TOS'}{'2'}>$Lang::tr{'max reliability'} (2)</option> - <option value='1' $selected{'TOS'}{'1'}>$Lang::tr{'min costs'} (1)</option></select> - <td width='33%' align='center'>  <tr><td width='33%' align='right'>$Lang::tr{'remark'}: <td width='66%' colspan='2' align='left'><input type='text' name='REMARK' size='40' maxlength='40' value="$qossettings{'REMARK'}" /> <tr><td width='33%' align='right'><img src='/blob.gif' alt='*' /> $Lang::tr{'required field'}

-- 2.20.1

Michael Tremer

4:46 p.m.

New subject: [PATCH 16/17] QoS: No longer set TOS bits for ACK packets

Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- config/qos/makeqosscripts.pl | 7 ------- 1 file changed, 7 deletions(-)

diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index 4f66b20b4..934976a23 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -196,34 +196,27 @@ print <<END iptables -t mangle -A QOS-OUT -m mark --mark 50 -j RETURN

### MARK ACKs - iptables -t mangle -A QOS-OUT -p tcp --tcp-flags SYN,RST SYN -j TOS --set-tos 4 iptables -t mangle -A QOS-OUT -p tcp --tcp-flags SYN,RST SYN -j CLASSIFY --set-class 1:$qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p tcp --tcp-flags SYN,RST SYN -j RETURN

iptables -t mangle -A QOS-OUT -p icmp -m length --length 40:100 -j CLASSIFY --set-class 1:$qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p icmp -m length --length 40:100 -j RETURN

- iptables -t mangle -A QOS-OUT -p tcp --syn -m length --length 40:68 -j TOS --set-tos 4 iptables -t mangle -A QOS-OUT -p tcp --syn -m length --length 40:68 -j CLASSIFY --set-class 1:$qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p tcp --syn -m length --length 40:68 -j RETURN

- iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL SYN,ACK -m length --length 40:68 -j TOS --set-tos 4 iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL SYN,ACK -m length --length 40:68 -j CLASSIFY --set-class 1:$qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL SYN,ACK -m length --length 40:68 -j RETURN

- iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK -m length --length 40:100 -j TOS --set-tos 4 iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK -m length --length 40:100 -j CLASSIFY --set-class 1:$qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK -m length --length 40:100 -j RETURN

- iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL RST -j TOS --set-tos 4 iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL RST -j CLASSIFY --set-class 1:$qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL RST -j RETURN

- iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,RST -j TOS --set-tos 4 iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,RST -j CLASSIFY --set-class 1:$qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,RST -j RETURN

- iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,FIN -j TOS --set-tos 4 iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,FIN -j CLASSIFY --set-class 1:$qossettings{'ACK'} iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,FIN -j RETURN

-- 2.20.1

Michael Tremer

4:46 p.m.

New subject: [PATCH 17/17] QoS: Increase queue size and quantum for fq_codel

This optimises the QoS to process more bandwidth.

The limit variable sets the maximum number of packets in the queue which was regularly exceeded on fast connections with the old setting. This now allows up to 10G of data transfer and is set to the default of fq_codel.

Quantum sets how many bytes can be read from the queue per iteration. This is now set to the default again, which is the size of an Ethernet frame including its header.

Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- config/qos/makeqosscripts.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index 934976a23..ff4cbcb12 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -54,7 +54,7 @@ my $classfile = "/var/ipfire/qos/classes"; my $level7file = "/var/ipfire/qos/level7config"; my $portfile = "/var/ipfire/qos/portconfig"; my $tosfile = "/var/ipfire/qos/tosconfig"; -my $fqcodel_options = "limit 800 quantum 500"; +my $fqcodel_options = "limit 10240 quantum 1514";

&General::readhash("${General::swroot}/ethernet/settings", %netsettings);

-- 2.20.1

1867

Age (days ago)

1867

Last active (days ago)

development@lists.ipfire.org

16 comments

1 participants

tags (0)

participants (1)

Michael Tremer